Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
How to copy/paste your password in PayPal's change password form
PayPal blocks copy/paste actions in their "change password" form,
citing some irrelevant security issues as the reason. That's a
load of crap, and they know it -- disabling copy/paste makes it a
lot harder to use a decent password generator and a lot easier to
screw up your pwd when retyping, especially if it's a long one
(as it should be!).
So, here's the quick'n'dirty way to use an externally generated
password in your PayPal account:
* open the change password form;
* open up the console in your browser of choice (recent versions
of Firefox: CTRL+Shift+K, Chrome/Chromium: CTRL+Shift+J);
* you should see an input form at the bottom of the console;
copy/paste each of the following lines, replacing the string
"password" with your desired pwd and hitting enter after each
document.getElementById("new_password").value = "password";
document.getElementById("retype_password").value = "password";
* close the console by pressing the relevant key combo once
again, submit the form & voilà!
Copy link

ghost commented Aug 8, 2013

Quick update, this seems to work with the eBay form too. Certainly for the new account page.

document.getElementById("PASSWORD").value = "password";
document.getElementById("rpass").value = "password";

Copy link

jordanglassman commented Oct 23, 2013

The latest:

document.getElementById("pwdID").value = "password";
document.getElementById("retype_password").value = "password";

Thanks, Obama!

Copy link

ghost commented Jan 26, 2014

Another way round this is to disable javascript

Copy link

darrinholst commented Feb 4, 2014

You can't change your password without javascript enabled. It's pretty awesome!

Copy link

danorton commented Feb 19, 2014

Thanks. All my passwords are random sequences and my Bank, eBay and PayPal passwords are 22 characters (okay, PayPal yanks me down to 20 characters). What idiot at PayPal thinks that typing a random sequence of 20 characters is plausible? What idiot believes that it's more secure to force me to use a shorter or less-random password?

Copy link

flather commented Apr 12, 2014

Thanks, works perfectly.

Copy link

norpol commented Apr 23, 2014

Won't work with pass phrases that are longer than 20 chars, even if you try to "inject" it over the js-console.
@Paypal FIX THAT! 20 chars maximum are not valid for 2013.
Please :).

Copy link

greenmoss commented May 20, 2014

This didn't work for me, so I found a different way: go to the screen with the "change password" link on it. Disable Javascript (the chrome "quick javascript switcher" helps for this). Click the "change password" link. Laugh evilly at the "please enable javascript" complaint. Copy/Paste at will.

Copy link

keeganwitt commented May 22, 2014

It works, it's just the fields are now "password" and "retypepassword". Thanks for this!

Copy link

bburns commented May 23, 2014

Couldn't disable Javascript in Firefox without having to restart the browser (or so I read), but this worked great -

document.getElementById("password").value = "12345678901234567890";
document.getElementById("retypepassword").value = "12345678901234567890";

document.getElementById("new_password").value = "12345678901234567890";
document.getElementById("retype_password").value = "12345678901234567890";

Paypal's limit was 20 characters, I don't remember ebay's.

Copy link

pixxy commented May 23, 2014

Alternatively, just restore the ability to paste with a userscript (install).

If anyone knows the affected PayPal URLs, let me know and I'll add them.

Copy link

mykmelez commented May 24, 2014

Copy link

pixxy commented May 25, 2014

@mykmelez: Thanks, added.

Copy link

jurcyk commented May 28, 2014

userscript does not work, even with the updated include lines, and after removing paypal from the blacklist

Copy link

keeganwitt commented May 29, 2014

I found a video of eBay's password reset user testing. He seemed to like it.

Copy link

waynerad commented Aug 6, 2014

Thanks for this.

Skype also limits passwords to 20 characters but doesn't tell you. I found out by being unable to log in.

I don't understand why any company limits the length of passwords. They store cryptographic hashes, not the actual passwords, which always have a fixed length regardless of the length of the original password, so why do they care? Having a minimum, I understand, but not a maximum.

Copy link

ghost commented Dec 13, 2014

Thank you very much. eBay had this same insane nonsense, preventing me from using a secure 64-character password I could store in KeePass. Your method saved the day.

Copy link

faustarp commented Jan 18, 2015

Thank you all so much for clarifying. I can confirm that as of 18/01/2015 bburns' code:

document.getElementById("password").value = "12345678901234567890";
document.getElementById("retypepassword").value = "12345678901234567890";

still works for ebay; I did not test the paypal code.

Copy link

jedahan commented Jul 13, 2015

the ids are now pwdID and retype_password

Copy link

sjau commented Oct 18, 2015

Well, I think it's stupid to limit the password to 20 chars only.

I mean I use venerable pwgen tool usually like:
pwgen -ync 40
That gives me a 40 character long password containings small/capital letters, numbers and symbols.

Anyway, I was able to enter my generated password like this:

In chromium press ctrl-shift-j,
then go to the Elements tab
then navigate through the html to find the password fields
right-click the <input type="text"....> entries and selected "Edit Attributes"
added value="123456"
(doing it for both new password fields)
and submitted the form.

Copy link

Poopsie94502 commented Nov 18, 2015

Update PayPal passwords useing KeePass Auto-Type function.

Just create a new KeePass entry with the following Auto-Type sequence:

{USERNAME} is your old PayPal password
{PASSWORD} is your new PayPal password

That's it. Works until it doesn't.

Copy link

ghost commented Dec 2, 2015

Apparently PayPal isn't too happy when one calls them and complains about this retarded "security" feature. I believe the fact that I was reading this while on hold didn't help much because they now think I'm intending to "hack the PayPal website if that's even possible"(the consultant's words, not mine). Ah well, I should probably make that payment before I get suspended.

Copy link

chrisg123 commented Dec 12, 2015

from console works

Copy link

mahemoff commented Mar 15, 2016

Update: Same old security theatre, shiny new selector

document.getElementById("pwdID").value = "password";
document.getElementById("retype_password").value = "password";

Must be 8-20 characters.

Copy link

rhssk commented Aug 17, 2016

Here we go again:
document.getElementById("password").value = "password";
document.getElementById("retypepassword").value = "password";

Copy link

gp-Airee commented Nov 7, 2016

Values are pwdID and retype_password.

Copy link

DanJFletcher commented Dec 7, 2016

And we entrust them to our credit cards? lol
Thanks for the Gist

Copy link

Tangeek42 commented Sep 12, 2017

IDs have changed again. They now are newPassword and confirmNewPassword
I had to tryhard a few document.getElementsByTagName("input")[16].id; to find out. |_|

Copy link

ghost commented Nov 1, 2017

Thanks for updated IDs!

Copy link

Bluscream commented Dec 4, 2017

this should work with all the ids:

var pw = "password";
if (pw.length < 8) { alert("Password too short!\nMin 8 chars!"); return; }
else if (pw.length > 20 { alert("Password too long!\nMax 20 chars!"); return; }
var ids = ["pwdID", "retype_password", "newPassword", "confirmNewPassword", "password", "retypepassword"];
var arrayLength = ids.length;
for (var i = 0; i < arrayLength; i++) {
    document.getElementById(ids[i]).value = pw;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment