This afternoon, I had to change a PayPal password. I went to PayPal, got to the screen to change my password, and after an attempt to choose a new password, I was confronted with this screen.


[Screenshot: PayPal and password security]


I definitely had at least eight characters in my password. I didn’t use my name or my email address. I used a mixture of upper and lowercase letters and numbers and symbols. PayPal just refused to change my password. I decided to test a longer password, specifically, InfinityIsCool4321! (I’m not actually using this password, so it’s safe to share it here) which according to this script would take 12.13 trillion, trillion centuries to break. PayPal still refused to accept my password, presumably because it contained some common words.
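To make the gap between those two views concrete, here is an added example (not from the original post, and not PayPal's code) that computes an exhaustive-search estimate next to a rule check that names every rule a password breaks. The common-word rule is only the guess made above; the word list, the 1,000 guesses per second rate and the function names are all assumptions.

```python
import string

# Constructed sample word list; a real deployment would load a large dictionary.
COMMON_WORDS = {"password", "welcome", "infinity", "cool", "dragon", "monkey"}

def charset_size(password):
    """Size of the alphabet implied by the character classes present."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " "]
    return sum(len(c) for c in classes if any(ch in c for ch in password))

def centuries_to_exhaust(password, guesses_per_second=1000):
    """Worst-case time to try every string up to this length (assumed rate)."""
    n = charset_size(password)
    total = sum(n ** k for k in range(1, len(password) + 1))
    seconds_per_century = 100 * 365.25 * 24 * 3600
    return total / guesses_per_second / seconds_per_century

def policy_failures(password, name, email, words=COMMON_WORDS):
    """Return every rule the password breaks, worded for the user."""
    failures = []
    lowered = password.lower()
    if len(password) < 8:
        failures.append("must be at least 8 characters")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        failures.append("must mix upper and lowercase letters")
    if not any(c.isdigit() for c in password):
        failures.append("must contain a number")
    if not any(c in string.punctuation for c in password):
        failures.append("must contain a symbol")
    local_part = email.split("@")[0].lower()
    for personal in {name.lower(), local_part, email.lower()}:
        if personal and personal in lowered:
            failures.append("must not contain your name or email address")
            break
    # Hypothetical rule: reject dictionary words found anywhere in the password.
    found = sorted(w for w in words if w in lowered)
    if found:
        failures.append("contains common words: " + ", ".join(found))
    return failures
```

For InfinityIsCool4321! the exhaustive-search estimate is on the order of 10^25 centuries, yet the word check still flags "cool" and "infinity", and a form that returned that list would tell the user which rule to fix.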

I’ve written about passwords before. It’s annoying that PayPal would rather people create passwords they will forget (unless they write them down, kind of negating some of the security of a password) than use some simple tips to create a secure password.

This is part of the reason people get frustrated with technology. When developers build forms which are broken like this, it makes the casual user feel like technology is something magical and incomprehensible.