location-watch watch, smartwatch media-replay replay, reload, refresh misc-simple-check simple check, ok, tick misc-gas gas, pump action-browse-discover-view browse, discover, view action-cart-shop cart, shop action-delete-trash delete, trash action-download download action-exchage exchage action-flag-alert flag, alert action-back-return-arrow back, return, arrow action-previous previous, back action-top top, up action-forward-arrow forward, arrow action-message message action-search search action-send-fast-paper-plane send, fast, paper, plane action-share-export share, export action-sign-fill sign, fill, contract, document, edit, file, page, paper, pen action-transfer transfer action-upload upload circle circle feature-heart-like-favorite heart, like, favorite feature-lock-secure lock, secure feature-lock lock feature-protection-umbrella protection, umbrella feature-secure-unlock secure, unlock feature-secure-unlocked secure, unlocked feature-smart smart feature-star-bookmark-favorite star, bookmark, favorite location-browser browser location-cloud-weather cloud, weather location-credit-card credit, card location-day day location-document document location-moon forecast, moon, night, weather location-history history location-home home location-inbox inbox location-menu menu location-smartphone smartphone location-tablet tablet location-user-profile user, profile location-wallet wallet location-world-ww world wide web, www media-airplay airplay media-audio-media-music-record-recording-records audio, media, music, record, recording, records media-camera-video camera, video media-mute mute media-play-next-filled play, next, filled media-play-next play, next media-radio radio media-rewind rewind media-forward forward media-volume volume misc-achievement-cup achievement, cup misc-add add misc-alarm-notification-bell alarm, notification, bell misc-archive-copy-document-documents-file-files archive, copy, document, documents, file, files misc-archive-copy-document-documents-file-files2 archive, copy, document, documents, file, files misc-arrow-ccw-back-history-left-repeat-restart-revert arrow, ccw, back, history, left, repeat, restart, revert misc-arrow-cw-forward-media-previous-redo-refresh arrow, cw, forward, media, previous, redo, refresh misc-bag-breafcase-bussiness-document-portfolio bag, breafcase, bussiness, document, portfolio misc-ball-sport ball, sport misc-battery battery misc-binder binder misc-charge charge misc-check check misc-cloude cloude misc-coffee coffee misc-config config misc-cube cube misc-database database misc-empty empty misc-flash-light flash, light misc-idia-lightbulb idia, lightbulb misc-magnet magnet misc-maps-base-coordinates-direction-find-folding-gps maps, base, coordinates, direction, find, folding, gps misc-pen pen misc-print print misc-remove remove misc-status status misc-windows windows misc-monitor monitor misc-stopwatch stopwatch util-access access util-alarm-bell alarm, bell util-alarm alarm util-atm-key-pad atm, key, pad util-bookmark-book bookmark, book util-bookmark bookmark util-box box util-calculator calculator util-calendar calendar util-camera-photo camera, photo util-chat chat util-data-analysis-analytics-bar-business-chart-charts data, analysis, analytics, bar, business, chart, charts util-info info util-learn learn util-link-connect link, connect util-mail-message mail, message util-map-pin-location map, pin, location util-open-mail-empty open, mail, empty util-open-mail open, mail util-config-wheel config, wheel util-settings settings util-sizer sizer util-speech speech util-time-clock time, clock util-time-sensitive time, sensitive web-cake-birthday cake, birthday web-calendar calendar web-dollar dollar web-faster-checkout faster, checkout web-send-and-receive send, and, receive web-woman woman web-no-extra-cost no, extra, cost logo-android-robot android, robot logo-apple apple logo-paypal paypal logo-kitsune kitsune, fox - Don't use this! :)

Password and PIN security

Having a secure, unique password for each of your online accounts is critically important. If a scammer gets just one password, they can begin to access your other accounts. That’s why it’s important to have a strong, unique password for your PayPal login.

Use unique passwords

Weak passwords are a problem. But using the same password across multiple websites is an even bigger security issue. Statistics show that the majority of people use three or fewer passwords across twenty or more Internet accounts. This means that a password is only as secure as the weakest Internet site that uses it.

At PayPal, we use the best industry-standard techniques to make sure passwords are secure, and we train our personnel in best security practices. But if another website has weaker security, even a strong password could be easily compromised.

Strong passwords

Strong passwords have the following characteristics:

  • More than 8 characters long.
  • Use lower case, upper case, a number, and a special character [like ~!@#$%^&*()_+=?><.,/].
  • Not a word or date associated with you (like a pet’s name, family names, or birth dates).
  • A combination of words with unusual capitalization, numbers, and special characters interspersed. Misspelled words are stronger because they are not in the dictionary used by attackers.
  • Something you can remember.

We use a password strength checker to help make sure new passwords are strong.

Managing multiple passwords

The more passwords you have to remember, the greater the risk you'll forget some of them. However, using the same password for multiple sites puts you at risk. So how can you avoid forgetting passwords?

One good way of keeping multiple passwords is writing them down. You can use complex passwords that are different from each other, and you don't face the risk of forgetting them. Of course, you don't want to write them down in their entirety, or you risk somebody stealing or viewing your list of passwords.

To avoid compromising your security if somebody gets a hold of your password list, don't write the passwords in their entirety. Memorize one part and write down the other. You can use the memorized part of your passwords for several accounts to help make it easier to remember; only the written parts would be different. This method will help you create specific passwords for different websites without the trouble of having to memorize every one of them.

Of course, it's not enough for either part of your passwords to be just a few characters long. That would make it too easy to guess or to test all possibilities. So make each part at least 6 characters in length. And don't forget to keep a copy of the list somewhere safe – just in case.

Don’t keep the password list in your wallet. If a thief were to steal your wallet, they'd get your personal information as well as access to your important accounts. If you need to carry the list with you, consider a password keeper app for your smartphone. Of course, you should use a strong, unique, memorable password for the app.

PIN security

PayPal Mobile applications, PayPal Point of Sale, and some web pages use a PIN.

Just like passwords, it's important that the PIN not be re-used across multiple sites; the PIN would only be as secure as the weakest site that uses it. So use a unique PIN for PayPal.

We require a 4- to 8-digit numeric PIN. Longer PINs are stronger than shorter ones: a 4-digit PIN has a 1:10,000 chance of being guessed, but an 8-digit PIN is 1:100,000,000. The more digits your PIN uses, the more secure it will be.

Don’t select a trivial PIN like 1234 or 1111; these are the most common and most easily guessed. The same goes for using your birth month and day (like 0317); people that know you might easily guess this. Don’t use a current or old phone number because these can easily be looked up. Don’t use the same PIN to unlock your phone and to access PayPal.

Here’s a trick we recommend: think of a memorable image and spell the words with the numeric pad. For example, if you imagine a blue cow, you would enter 2583269, which is B-L-U-E-C-O-W on the numeric pad. This is both easy to remember and secure.

Changing your password or PIN

Normally, there should be no reason to change your password or PIN. But there are a few cases where it's a good precaution. For example:

  • You notice something suspicious on your PayPal account
  • You suspect that someone you don’t trust has your password
  • You notice something suspicious in your email account or other online accounts
  • You have recently removed malware from your system
  • PayPal asks you to change your password

If one of these occurs, change your Password, PIN, and security questions immediately. You can change these under personal settings.

If you receive an email asking you to change your password, it could be a case of phishing. Instead of clicking on a suspect link in an email, just log into your PayPal account by manually typing the URL. Click the Settings tab, and then Personal Info. You will find the password, security questions, and PIN (if you've set one up) on this page.

PayPal Security Key

Your password is your first authentication factor when you log into PayPal. If you want additional security, you can add PayPal Security Key to your account as a second factor. This provides much stronger account protection than just a password.

See Security Key for more information.