PayPal Community

iak_tern · ‎Jan-25-2020

Hi,

I just changed my account password and noticed that Paypal changed the set of allowed special characters in a password to "!@#$%^&*()"

Why did they do that?

Are there any good reasons for minimizing the set of allowed characters? In my mind having fewer characters available reduces the security. And in the security domain it is usually not a good practice to go its own way. (I don't know any other website having the same character set)

Usual special characters that are missing are: ><.,-?

This can even reduce the security in another aspect: If people have working password schemes and are not able used them anymore, because a special character is now not allowed, they need to create a new password (scheme) for only one website... that can become a bad thing because people often tend to use the easiest possible way...

Please help me understand why Paypal changed their password guidelines, because I think it is rather a security reduction than an improvement.

Thank you

JinxedNeth · ‎May-18-2020

Was going around changing my passwords for increased protection and saw this to my dismay. To be honest it's probably just a coding restriction that's not worth fixing to them(lazy). Guess This will be my password for awhile.

Melshmallow046 · ‎Feb-20-2021

I just noticed this today, and it's very annoying. I'm changing the passwords to all my accounts since I had fraudulent charges on my credit card just two weeks after replacing it for the same reason, and I don't know what the root cause, otherwise I would leave my password as-is on PayPal.

PayPal Community

Why did Paypal change it password guidelines (the allowed set of special characters)?

Haven't Found your Answer?