I think I was sucked by a phishing Web site and gave up my PayPal password. SO FRUSTRATING! How can I jump onto the site and change the password before I get my account stolen?
This is definitely a question with a short fuse, so please open up another window in your browser and follow along, so that you can set a new password as quickly as possible. In any case, most people have a bad habit of leaving passwords for years once they’re set, finding it easier to get it into muscle memory rather than setting a new password every 3-6 months. Not good.
And if you’re not sure how a phishing attempt works, it’s typically like this: You get what seems to be a legit email from a company like PayPal. It tells you that your account has been compromised or similar, and requests that you log in and verify your balance. The email conveniently includes a link so you click on it and get to a Web page that looks exactly like the PayPal page. So you log in, and it generates an error. Meanwhile, the bad guys just got your account and password credentials. Uh oh!
So the first step on any password restore is to type into your Web browser’s address bar the PayPal URL. It’s http://www.paypal.com/, but I’m not going to make that clickable to emphasize the point. Type it in, don’t click links in email. Ever.
Now, once you’ve then logged in to your PayPal account — and I strongly recommend you set up 2-step verification for a second level of security too — click on the “Profile” link on the “My Account” navigational bar:
Click on “Update Password”, as I’ve circled above.
PayPal will then ask which of your passwords you want to update:
Definitely make sure you have security questions set up and know the answer (in case you do ever lose your password), but for this project choose “Password” and click “Edit”.
Hold on, though, it’s not quite that easy. Next PayPal wants you to confirm your identity:
I’ve redacted key information for my own privacy, but you can see that if you don’t also know the full number of one of the credit or debit cards associated with your PayPal account, you won’t be able to proceed further (which also suggests that it’d be darn hard for a bad guy to change your password with all of these in place, fortunately).
Pick one that you’ll use to confirm, enter the full card number, and click “Submit”.
If you entered it correctly, the next screen you’ll see is:
PayPal is pretty stringent about what you need to include in your password, but it’s just a good idea to include digits, upper and lowercase letters, and at least one punctuation symbol. It can still be mnemonic and memorable with a bit of creativity, but it really is worth coming up with a relatively arcane password, particularly when money’s involved.
Enter your old password, then the new – complicated! – one twice. Then click “Save”.
Done. Phew. And just in time!
Well, hopefully not. But seriously, be careful about clicking on Web site links in email next time.