Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
How to copy/paste your password in PayPal's change password form
PayPal blocks copy/paste actions in their "change password" form,
citing some irrelevant security issues as the reason. That's a
load of crap, and they know it -- disabling copy/paste makes it a
lot harder to use a decent password generator and a lot easier to
screw up your pwd when retyping, especially if it's a long one
(as it should be!).
So, here's the quick'n'dirty way to use an externally generated
password in your PayPal account:
* open the change password form;
* open up the console in your browser of choice (recent versions
of Firefox: CTRL+Shift+K, Chrome/Chromium: CTRL+Shift+J);
* you should see an input form at the bottom of the console;
copy/paste each of the following lines, replacing the string
"password" with your desired pwd and hitting enter after each
one:
document.getElementById("new_password").value = "password";
document.getElementById("retype_password").value = "password";
* close the console by pressing the relevant key combo once
again, submit the form & voilà!
@davidcueva

This comment has been minimized.

Copy link

@davidcueva davidcueva commented Dec 31, 2012

Thanks, works like a charm.

@nathan815

This comment has been minimized.

Copy link

@nathan815 nathan815 commented Apr 1, 2013

Although I already knew how to do this (I typed out the JavaScript myself before I found this), I was trying it in the address bar with "javascript:" and it didn't work but when I read this it says to put the JavaScript in the console and sure enough, it worked. Thanks!

@anarkyn

This comment has been minimized.

Copy link

@anarkyn anarkyn commented May 16, 2013

They've changed their page around a little, the "new_password" field is now just named "password". Use this instead:

document.getElementById("password").value = "password";
document.getElementById("retype_password").value = "password";

@tdkl

This comment has been minimized.

Copy link

@tdkl tdkl commented Jun 14, 2013

@anarkyn: nope, it's actually new_password again.

Thanks to @nikolaplejic, dunno what Paypal has been smoking for this "security" feature.

@ghost

This comment has been minimized.

Copy link

@ghost ghost commented Aug 8, 2013

Quick update, this seems to work with the eBay form too. Certainly for the new account page.

document.getElementById("PASSWORD").value = "password";
document.getElementById("rpass").value = "password";

@jordanglassman

This comment has been minimized.

Copy link

@jordanglassman jordanglassman commented Oct 23, 2013

The latest:

document.getElementById("pwdID").value = "password";
document.getElementById("retype_password").value = "password";

Thanks, Obama!

@ghost

This comment has been minimized.

Copy link

@ghost ghost commented Jan 26, 2014

Another way round this is to disable javascript

@darrinholst

This comment has been minimized.

Copy link

@darrinholst darrinholst commented Feb 4, 2014

You can't change your password without javascript enabled. It's pretty awesome!

@danorton

This comment has been minimized.

Copy link

@danorton danorton commented Feb 19, 2014

Thanks. All my passwords are random sequences and my Bank, eBay and PayPal passwords are 22 characters (okay, PayPal yanks me down to 20 characters). What idiot at PayPal thinks that typing a random sequence of 20 characters is plausible? What idiot believes that it's more secure to force me to use a shorter or less-random password?

@flather

This comment has been minimized.

Copy link

@flather flather commented Apr 12, 2014

Thanks, works perfectly.

@norpol

This comment has been minimized.

Copy link

@norpol norpol commented Apr 23, 2014

Won't work with pass phrases that are longer than 20 chars, even if you try to "inject" it over the js-console.
@Paypal FIX THAT! 20 chars maximum are not valid for 2013.
Please :).

@greenmoss

This comment has been minimized.

Copy link

@greenmoss greenmoss commented May 20, 2014

This didn't work for me, so I found a different way: go to the screen with the "change password" link on it. Disable Javascript (the chrome "quick javascript switcher" helps for this). Click the "change password" link. Laugh evilly at the "please enable javascript" complaint. Copy/Paste at will.

@keeganwitt

This comment has been minimized.

Copy link

@keeganwitt keeganwitt commented May 22, 2014

It works, it's just the fields are now "password" and "retypepassword". Thanks for this!

@bburns

This comment has been minimized.

Copy link

@bburns bburns commented May 23, 2014

Couldn't disable Javascript in Firefox without having to restart the browser (or so I read), but this worked great -

ebay
document.getElementById("password").value = "12345678901234567890";
document.getElementById("retypepassword").value = "12345678901234567890";

paypal
document.getElementById("new_password").value = "12345678901234567890";
document.getElementById("retype_password").value = "12345678901234567890";

Paypal's limit was 20 characters, I don't remember ebay's.

@pixxy

This comment has been minimized.

Copy link

@pixxy pixxy commented May 23, 2014

Alternatively, just restore the ability to paste with a userscript (install).

If anyone knows the affected PayPal URLs, let me know and I'll add them.

@mykmelez

This comment has been minimized.

Copy link

@mykmelez mykmelez commented May 24, 2014

@pixxy

This comment has been minimized.

Copy link

@pixxy pixxy commented May 25, 2014

@mykmelez: Thanks, added.

@jurcyk

This comment has been minimized.

Copy link

@jurcyk jurcyk commented May 28, 2014

userscript does not work, even with the updated include lines, and after removing paypal from the blacklist

@keeganwitt

This comment has been minimized.

Copy link

@keeganwitt keeganwitt commented May 29, 2014

I found a video of eBay's password reset user testing. He seemed to like it. http://youtu.be/oNrWgjh9tnU

@waynerad

This comment has been minimized.

Copy link

@waynerad waynerad commented Aug 6, 2014

Thanks for this.

Skype also limits passwords to 20 characters but doesn't tell you. I found out by being unable to log in.

I don't understand why any company limits the length of passwords. They store cryptographic hashes, not the actual passwords, which always have a fixed length regardless of the length of the original password, so why do they care? Having a minimum, I understand, but not a maximum.

@ghost

This comment has been minimized.

Copy link

@ghost ghost commented Dec 13, 2014

Thank you very much. eBay had this same insane nonsense, preventing me from using a secure 64-character password I could store in KeePass. Your method saved the day.

@faustarp

This comment has been minimized.

Copy link

@faustarp faustarp commented Jan 18, 2015

Thank you all so much for clarifying. I can confirm that as of 18/01/2015 bburns' code:

document.getElementById("password").value = "12345678901234567890";
document.getElementById("retypepassword").value = "12345678901234567890";

still works for ebay; I did not test the paypal code.

@jedahan

This comment has been minimized.

Copy link

@jedahan jedahan commented Jul 13, 2015

the ids are now pwdID and retype_password

@sjau

This comment has been minimized.

Copy link

@sjau sjau commented Oct 18, 2015

Well, I think it's stupid to limit the password to 20 chars only.

I mean I use venerable pwgen tool usually like:
pwgen -ync 40
That gives me a 40 character long password containings small/capital letters, numbers and symbols.

Anyway, I was able to enter my generated password like this:

In chromium press ctrl-shift-j,
then go to the Elements tab
then navigate through the html to find the password fields
right-click the <input type="text"....> entries and selected "Edit Attributes"
added value="123456"
(doing it for both new password fields)
and submitted the form.

@Poopsie94502

This comment has been minimized.

Copy link

@Poopsie94502 Poopsie94502 commented Nov 18, 2015

Update PayPal passwords useing KeePass Auto-Type function.

Just create a new KeePass entry with the following Auto-Type sequence:
{USERNAME}{TAB}{PASSWORD}{TAB}{PASSWORD}{ENTER}

{USERNAME} is your old PayPal password
{PASSWORD} is your new PayPal password

That's it. Works until it doesn't.

@ghost

This comment has been minimized.

Copy link

@ghost ghost commented Dec 2, 2015

Apparently PayPal isn't too happy when one calls them and complains about this retarded "security" feature. I believe the fact that I was reading this while on hold didn't help much because they now think I'm intending to "hack the PayPal website if that's even possible"(the consultant's words, not mine). Ah well, I should probably make that payment before I get suspended.

@chrisg123

This comment has been minimized.

Copy link

@chrisg123 chrisg123 commented Dec 12, 2015

$("#new_password").val("yournewpassword");
$("#retype_password").val("yournewpassword");
from console works

@mahemoff

This comment has been minimized.

Copy link

@mahemoff mahemoff commented Mar 15, 2016

Update: Same old security theatre, shiny new selector

document.getElementById("pwdID").value = "password";
document.getElementById("retype_password").value = "password";

Must be 8-20 characters.

@rhssk

This comment has been minimized.

Copy link

@rhssk rhssk commented Aug 17, 2016

Here we go again:
document.getElementById("password").value = "password";
document.getElementById("retypepassword").value = "password";

@gp-Airee

This comment has been minimized.

Copy link

@gp-Airee gp-Airee commented Nov 7, 2016

Values are pwdID and retype_password.

@DanJFletcher

This comment has been minimized.

Copy link

@DanJFletcher DanJFletcher commented Dec 7, 2016

And we entrust them to our credit cards? lol
Thanks for the Gist

@Tangeek42

This comment has been minimized.

Copy link

@Tangeek42 Tangeek42 commented Sep 12, 2017

IDs have changed again. They now are newPassword and confirmNewPassword
I had to tryhard a few document.getElementsByTagName("input")[16].id; to find out. |_|

@ghost

This comment has been minimized.

Copy link

@ghost ghost commented Nov 1, 2017

Thanks for updated IDs!

@Bluscream

This comment has been minimized.

Copy link

@Bluscream Bluscream commented Dec 4, 2017

this should work with all the ids:

var pw = "password";
if (pw.length < 8) { alert("Password too short!\nMin 8 chars!"); return; }
else if (pw.length > 20 { alert("Password too long!\nMax 20 chars!"); return; }
var ids = ["pwdID", "retype_password", "newPassword", "confirmNewPassword", "password", "retypepassword"];
var arrayLength = ids.length;
for (var i = 0; i < arrayLength; i++) {
    document.getElementById(ids[i]).value = pw;
}
document.getElementById("change_password").removeAttribute("disabled")
//document.getElementsByName("validatePwdForm")[0].submit(); 
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment