Security

Password and PIN Security

Having a secure password is of critical importance. If a scammer gets your passwords, they can access your accounts.

It is important to have a strong, unique password for your PayPal account.

Use Unique Passwords

Statistics show that the majority of users have three or fewer passwords that they use across twenty or more Internet accounts. This means that each password is only as secure as the weakest Internet site that the user visits.

Password reuse across multiple websites is a bigger security problem than weak passwords.

PayPal uses the best industry standard techniques to ensure that passwords are secure and trains PayPal personnel in best security practices. But does your gardening club website have the same security? Even a strong password is easily compromised if it is used on sites like this. The administrator for a hobby site may not know how to secure password information or how to secure the website. The administrator may be a disgruntled contractor who decides to sell the email addresses and passwords to scammers for a few hundred dollars.

Strong Passwords

Strong passwords have the following characteristics:

  • More than 8 characters long
  • Use lower case, upper case, a number, and a special character like [~!@#$%^&*()_+=?><.,/]
  • Not a word or date that is associated with you, like a pet’s name, family names or birthdates
  • A combination of words with unusual capitalization, numbers and special characters interspersed makes strong passwords. Misspelled words are stronger because they are not in the dictionary used by attackers.
  • Something you can remember

PayPal has implemented a password strength checker to ensure that new passwords are strong.

Managing Multiple Passwords

The more passwords you have to remember, the greater the risk that you will forget some of them every once in a while. The exception is using the same password for many sites, which puts you at risk. So how can you avoid forgetting passwords?

One good way of making sure that you do not forget passwords is to write them down. You can use complex passwords that are different from each other, and you don't face the risk of forgetting them. Of course, you don't want to write them down in their entirety, or you risk somebody stealing or viewing your list of passwords.

To avoid the problem of somebody getting hold of your list of passwords, don't write the passwords in their entirety. Memorize one part and write down the other part. To make the passwords easier to remember, use the same memorized part for many accounts. The parts you write down should all be different. This method will help you make up specific passwords for different websites without the trouble of having to memorize every one of them.

Of course, it's not enough for either part of your passwords (the one you write down or the one you memorize) to be just a few characters long. That would make it too easy to guess or to test all possibilities. Make each part long enough, at least 6 characters each.

And don't forget to keep a copy of the list you make somewhere safe, just in case!

Don’t keep the password list in your wallet. If a thief steals your wallet, they will get your personal information and access to your important accounts. If you need to carry the list with you, consider a password keeper App for your smartphone, but be sure that the App has a strong unique password that you can remember.
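The memorized-part plus written-part scheme can be checked against the strong-password characteristics listed earlier. The following is an added example, not PayPal's password strength checker; the function names, the order in which the two parts are joined, and the sample data are assumptions made for illustration.

```python
# Special characters listed under "Strong Passwords" on this page.
SPECIALS = set("~!@#$%^&*()_+=?><.,/")
MIN_PART_LEN = 6  # page: each part at least 6 characters


def password_problems(password, personal_terms=()):
    """Return the page's strength rules that `password` fails."""
    problems = []
    if len(password) <= 8:
        problems.append("8 characters or fewer")
    if not any(c.islower() for c in password):
        problems.append("no lower case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in SPECIALS for c in password):
        problems.append("no special character")
    lowered = password.lower()
    if any(t and t.lower() in lowered for t in personal_terms):
        problems.append("contains a personal word or date")
    return problems


def audit_split_passwords(memorized, written_by_site, personal_terms=()):
    """Check the memorized-part plus written-part scheme for every site."""
    report = {}
    if len(memorized) < MIN_PART_LEN:
        report["(memorized part)"] = ["shorter than 6 characters"]
    first_use = {}  # written part -> first site that used it
    for site, written in written_by_site.items():
        problems = []
        if len(written) < MIN_PART_LEN:
            problems.append("written part shorter than 6 characters")
        if written in first_use:
            problems.append("written part reused from " + first_use[written])
        first_use.setdefault(written, site)
        # Assumption: full password = memorized part followed by written part.
        problems += password_problems(memorized + written, personal_terms)
        if problems:
            report[site] = problems
    return report


# Constructed sample data, not real credentials.
SAMPLE_REPORT = audit_split_passwords(
    "bLu3!Kow", {"paypal": "x7Qm2p", "garden-club": "x7Qm2p", "email": "ab1"})
```

In the sample, the written part shared between two sites and the 3-character written part are both reported, while the first site passes every rule.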

PIN Security

The PayPal Mobile applications, PayPal Point of Sale and some web pages use a PIN.

Just as with passwords, it is important that the PIN not be reused across multiple sites, because the PIN will only be as secure as the weakest site. Use a unique PIN for PayPal.

PayPal requires a numeric PIN of 4 to 8 digits. Longer PINs are stronger than shorter PINs. A 4-digit PIN has a one in 10000 chance of being guessed, but an 8-digit PIN has a one in 100 million chance. The more digits used in the PIN, the more secure it will be.

Don’t select a trivial PIN like 1234 or 1111, since these are the most common and most easily guessed. Don’t use your birth month and day like 0317, since people who know you casually might easily guess this. Don’t use a current or old phone number because these can easily be looked up. Don’t use the same PIN to unlock your phone and to access PayPal.

Think of an image that you can remember and spell the words with the numeric pad. For example, imagine a Blue Cow and enter 2583269, which is B-L-U-E-C-O-W on the numeric pad. This is both easy to remember and secure.
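The PIN guidance above can be expressed as a small checker together with the numeric-pad spelling trick. This is an added example, not PayPal code; the function names and parameters are assumptions, and the run and phone-number checks generalize slightly beyond the specific PINs the page names (any ascending or descending run, and any PIN contained in a phone number).

```python
# Letters as printed on a standard phone keypad.
KEYPAD = {"2": "ABC", "3": "DEF", "4": "GHI", "5": "JKL",
          "6": "MNO", "7": "PQRS", "8": "TUV", "9": "WXYZ"}
LETTER_TO_DIGIT = {ch: d for d, letters in KEYPAD.items() for ch in letters}


def words_to_pin(phrase):
    """Spell a phrase on the numeric pad, ignoring spaces and punctuation."""
    return "".join(LETTER_TO_DIGIT[c] for c in phrase.upper()
                   if c in LETTER_TO_DIGIT)


def keyspace(length):
    """Number of possible numeric PINs of the given length."""
    return 10 ** length


def pin_problems(pin, birthday_mmdd=None, phone_numbers=(), other_pins=()):
    """Return the page's PIN rules that `pin` breaks (empty list = none)."""
    if not (pin.isascii() and pin.isdigit() and 4 <= len(pin) <= 8):
        return ["must be 4 to 8 digits"]
    problems = []
    if len(set(pin)) == 1:
        problems.append("single repeated digit")  # e.g. 1111
    # Step between neighbouring digits, modulo 10 (0 follows 9).
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        problems.append("ascending or descending run")  # e.g. 1234, 4321
    if birthday_mmdd and pin == birthday_mmdd:
        problems.append("birth month and day")
    for number in phone_numbers:
        digits = "".join(c for c in number if c.isdigit())
        if pin in digits:
            problems.append("part of a phone number")
            break
    if pin in other_pins:
        problems.append("reused from another device or site")
    return problems
```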

Changing your Password or PIN

Normally, there should be no reason to change your Password or PIN, but there are some cases where it is a good precaution. These include:

  • You notice something suspicious on your PayPal account
  • You suspect that someone you don’t trust has your Password
  • You notice something suspicious in your email account or other online accounts
  • You have recently removed malware from your system
  • PayPal asks you to change your Password

If one of these occurs, then change your Password, PIN and Security Questions immediately. You can change these under your personal settings.

If you receive an email asking you to change your password, be wary of phishing. Instead of clicking on a suspect link in an email, just log in to your PayPal account and click the Settings tab, then Personal Info. You will find the Password, Security Questions and PIN (if you have set one up) on this page.

PayPal Security Key

Your password is your first authentication factor when you log into PayPal. If you want additional security, you can add PayPal Security Key to your account as a second factor. This provides much stronger account protection than just a password.

See Security Key for more information.