Thursday, August 18, 2011

Hey Paypal!

PayPal wanted a survey from is my reply. Wondered if this is too harsh?
"I periodically change all my passwords and my answers to the secret questions. This is a prudent action on my part, but apparently this behavior triggers an event related to a possible security problem in PayPal's system. I understand why this happens, but the security policies should be refactored. PayPal ought to use two factor authentication. For those that do not have access to the second factor, then drop back to the antiquated system. Also, if I remember correctly, PayPal does not allow passwords to be over a certain length. This is a super huge red flag that you are possibly storing my password plain text OR the frontend is just bush league and not sophisticated enough to prevent an overflow into the DB. In any case, this password policy is not what I expect from a banking institution. I don't have anything personal against your company, but it seems PayPal's priorities are mixed up."