Skip to content

Instantly share code, notes, and snippets.

@nikolaplejic
Created September 6, 2012 10:36
Show Gist options
  • Save nikolaplejic/3654637 to your computer and use it in GitHub Desktop.
Save nikolaplejic/3654637 to your computer and use it in GitHub Desktop.
How to copy/paste your password in PayPal's change password form
PayPal blocks copy/paste actions in their "change password" form,
citing some irrelevant security issues as the reason. That's a
load of crap, and they know it -- disabling copy/paste makes it a
lot harder to use a decent password generator and a lot easier to
screw up your pwd when retyping, especially if it's a long one
(as it should be!).
So, here's the quick'n'dirty way to use an externally generated
password in your PayPal account:
* open the change password form;
* open up the console in your browser of choice (recent versions
of Firefox: CTRL+Shift+K, Chrome/Chromium: CTRL+Shift+J);
* you should see an input form at the bottom of the console;
copy/paste each of the following lines, replacing the string
"password" with your desired pwd and hitting enter after each
one:
document.getElementById("new_password").value = "password";
document.getElementById("retype_password").value = "password";
* close the console by pressing the relevant key combo once
again, submit the form & voilà!
Copy link

ghost commented Aug 8, 2013

Quick update, this seems to work with the eBay form too. Certainly for the new account page.

document.getElementById("PASSWORD").value = "password";
document.getElementById("rpass").value = "password";

@jordanglassman
Copy link

The latest:

document.getElementById("pwdID").value = "password";
document.getElementById("retype_password").value = "password";

Thanks, Obama!

Copy link

ghost commented Jan 26, 2014

Another way round this is to disable javascript

@darrinholst
Copy link

You can't change your password without javascript enabled. It's pretty awesome!

@danorton
Copy link

Thanks. All my passwords are random sequences and my Bank, eBay and PayPal passwords are 22 characters (okay, PayPal yanks me down to 20 characters). What idiot at PayPal thinks that typing a random sequence of 20 characters is plausible? What idiot believes that it's more secure to force me to use a shorter or less-random password?

@flather
Copy link

flather commented Apr 12, 2014

Thanks, works perfectly.

@norpol
Copy link

norpol commented Apr 23, 2014

Won't work with pass phrases that are longer than 20 chars, even if you try to "inject" it over the js-console.
@Paypal FIX THAT! 20 chars maximum are not valid for 2013.
Please :).

@greenmoss
Copy link

This didn't work for me, so I found a different way: go to the screen with the "change password" link on it. Disable Javascript (the chrome "quick javascript switcher" helps for this). Click the "change password" link. Laugh evilly at the "please enable javascript" complaint. Copy/Paste at will.

@keeganwitt
Copy link

It works, it's just the fields are now "password" and "retypepassword". Thanks for this!

@bburns
Copy link

bburns commented May 23, 2014

Couldn't disable Javascript in Firefox without having to restart the browser (or so I read), but this worked great -

ebay
document.getElementById("password").value = "12345678901234567890";
document.getElementById("retypepassword").value = "12345678901234567890";

paypal
document.getElementById("new_password").value = "12345678901234567890";
document.getElementById("retype_password").value = "12345678901234567890";

Paypal's limit was 20 characters, I don't remember ebay's.

@pixxy
Copy link

pixxy commented May 23, 2014

Alternatively, just restore the ability to paste with a userscript (install).

If anyone knows the affected PayPal URLs, let me know and I'll add them.

@mykmelez
Copy link

@pixxy
Copy link

pixxy commented May 25, 2014

@mykmelez: Thanks, added.

@jurcyk
Copy link

jurcyk commented May 28, 2014

userscript does not work, even with the updated include lines, and after removing paypal from the blacklist

@keeganwitt
Copy link

I found a video of eBay's password reset user testing. He seemed to like it. http://youtu.be/oNrWgjh9tnU

@waynerad
Copy link

waynerad commented Aug 6, 2014

Thanks for this.

Skype also limits passwords to 20 characters but doesn't tell you. I found out by being unable to log in.

I don't understand why any company limits the length of passwords. They store cryptographic hashes, not the actual passwords, which always have a fixed length regardless of the length of the original password, so why do they care? Having a minimum, I understand, but not a maximum.

Copy link

ghost commented Dec 13, 2014

Thank you very much. eBay had this same insane nonsense, preventing me from using a secure 64-character password I could store in KeePass. Your method saved the day.

@faustarp
Copy link

Thank you all so much for clarifying. I can confirm that as of 18/01/2015 bburns' code:

document.getElementById("password").value = "12345678901234567890";
document.getElementById("retypepassword").value = "12345678901234567890";

still works for ebay; I did not test the paypal code.

@jedahan
Copy link

jedahan commented Jul 13, 2015

the ids are now pwdID and retype_password

@sjau
Copy link

sjau commented Oct 18, 2015

Well, I think it's stupid to limit the password to 20 chars only.

I mean I use venerable pwgen tool usually like:
pwgen -ync 40
That gives me a 40 character long password containings small/capital letters, numbers and symbols.

Anyway, I was able to enter my generated password like this:

In chromium press ctrl-shift-j,
then go to the Elements tab
then navigate through the html to find the password fields
right-click the <input type="text"....> entries and selected "Edit Attributes"
added value="123456"
(doing it for both new password fields)
and submitted the form.

@Poopsie94502
Copy link

Update PayPal passwords useing KeePass Auto-Type function.

Just create a new KeePass entry with the following Auto-Type sequence:
{USERNAME}{TAB}{PASSWORD}{TAB}{PASSWORD}{ENTER}

{USERNAME} is your old PayPal password
{PASSWORD} is your new PayPal password

That's it. Works until it doesn't.

Copy link

ghost commented Dec 2, 2015

Apparently PayPal isn't too happy when one calls them and complains about this retarded "security" feature. I believe the fact that I was reading this while on hold didn't help much because they now think I'm intending to "hack the PayPal website if that's even possible"(the consultant's words, not mine). Ah well, I should probably make that payment before I get suspended.

@chrisg123
Copy link

$("#new_password").val("yournewpassword");
$("#retype_password").val("yournewpassword");
from console works

@mahemoff
Copy link

Update: Same old security theatre, shiny new selector

document.getElementById("pwdID").value = "password";
document.getElementById("retype_password").value = "password";

Must be 8-20 characters.

@rhssk
Copy link

rhssk commented Aug 17, 2016

Here we go again:
document.getElementById("password").value = "password";
document.getElementById("retypepassword").value = "password";

@gp-Airee
Copy link

gp-Airee commented Nov 7, 2016

Values are pwdID and retype_password.

@DanJFletcher
Copy link

And we entrust them to our credit cards? lol
Thanks for the Gist

@Tangeek42
Copy link

Tangeek42 commented Sep 12, 2017

IDs have changed again. They now are newPassword and confirmNewPassword
I had to tryhard a few document.getElementsByTagName("input")[16].id; to find out. |_|

Copy link

ghost commented Nov 1, 2017

Thanks for updated IDs!

@Bluscream
Copy link

Bluscream commented Dec 4, 2017

this should work with all the ids:

var pw = "password";
if (pw.length < 8) { alert("Password too short!\nMin 8 chars!"); return; }
else if (pw.length > 20 { alert("Password too long!\nMax 20 chars!"); return; }
var ids = ["pwdID", "retype_password", "newPassword", "confirmNewPassword", "password", "retypepassword"];
var arrayLength = ids.length;
for (var i = 0; i < arrayLength; i++) {
    document.getElementById(ids[i]).value = pw;
}
document.getElementById("change_password").removeAttribute("disabled")
//document.getElementsByName("validatePwdForm")[0].submit(); 

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment