passfail
.wtf
Browse
Submit
Leaderboard
Methodology
Blog
⌘K · Search
PayPal Password Policy Grade | PassFail.wtf
browse
/
banking
/ paypal
PayPal · banking
Seed data from Thomas's policy observations. Needs re-verification.
👍 Agree
👎 Disagree
Share:
Post
Bluesky
Reddit
LinkedIn
Copy link
Final grade
rubric v1.1
C
83
/110
75% · pass
01
10/20
02
20/20
03
18/25
04
20/20
05
15/15
06
0/10
Tested · 2026-01-01
Verified · 0 independent testers
Agreement · 0% of 0 votes
Scorecard
What they should fix
Evidence
Timeline
Comments · 0
Scorecard
Ten categories, 110 points, NIST SP 800-63B aligned.
01.
10 / 20
Password Length Policy
20 char max — major payment processor should do better
02.
20 / 20
Character & Composition Rules
03.
18 / 25
Multi-Factor Authentication
Supports authenticator apps
04.
20 / 20
Anti-Pattern Penalties
05.
15 / 15
Password Manager Compatibility
06.
0 / 10
Breach Response & Credential Hygiene
Community Verification
Help the community by testing this policy yourself. Earn +5 karma for each verification.
Submit verification
Grade valid 6 months from test date · submitted 1mo ago
passfail.wtf/site/paypal