PayPal

Name: PayPal Password Policy Grade
Item: PayPal
Rating: 8
Author: PassFail.wtf Community

banking⚠ Unverified⚠ Needs re-verificationLast tested 2mo ago

83/110

75%

83/110

0 verifications

Category Breakdown

Category 1

Password Length Policy

10/20

20 char max — major payment processor should do better

Category 2

Character & Composition Rules

20/20

Category 3

Multi-Factor Authentication

18/25

Supports authenticator apps

Category 4

Anti-Pattern Penalties

20/20

Category 5

Password Manager Compatibility

15/15

Category 6

Breach Response & Credential Hygiene

0/10

✗

Password length restrictions are too tight

Allow minimum 8 chars, support up to at least 64 characters (preferably unlimited)

Reference: NIST SP 800-63B §5.1.1

✗

No breach detection

Check new passwords against known-breached lists (e.g. HaveIBeenPwned API). Notify users of relevant breaches

Reference: NIST SP 800-63B §5.1.1.2

Help the community by testing this policy yourself. Earn +5 karma for each verification.

No comments yet. Be the first to share your experience.