PayPal blocks copy/paste actions in their "change password" form,
citing some irrelevant security issues as the reason. That's a
load of crap, and they know it -- disabling copy/paste makes it a
lot harder to use a decent password generator and a lot easier to
screw up your pwd when retyping, especially if it's a long one
(as it should be!).

So, here's the quick'n'dirty way to use an externally generated
password in your PayPal account:

* open the change password form;
* open up the console in your browser of choice (recent versions
  of Firefox: CTRL+Shift+K, Chrome/Chromium: CTRL+Shift+J);
* you should see an input form at the bottom of the console;
  copy/paste each of the following lines, replacing the string
  "password" with your desired pwd and hitting enter after each
  one:

    document.getElementById("new_password").value = "password";
    document.getElementById("retype_password").value = "password";

* close the console by pressing the relevant key combo once
  again, submit the form & voilà!
Alternatively, just restore the ability to paste with a userscript (install).
If anyone knows the affected PayPal URLs, let me know and I'll add them.
A URL for Paypal is:
@mykmelez: Thanks, added.
userscript does not work, even with the updated include lines, and after removing paypal from the blacklist
I found a video of eBay's password reset user testing. He seemed to like it. http://youtu.be/oNrWgjh9tnU
Thanks for this.
Skype also limits passwords to 20 characters but doesn't tell you. I found out by being unable to log in.
I don't understand why any company limits the length of passwords. They store cryptographic hashes, not the actual passwords, which always have a fixed length regardless of the length of the original password, so why do they care? Having a minimum, I understand, but not a maximum.
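An added example for the fixed-length point in the comment above (not code from the gist, its commenters or any site named here): a server-side hashing routine where an 8-character and a 64-character password produce stored records of identical size. It assumes Node.js and its built-in `crypto` module with scrypt as the key-derivation function; `hashPassword`, `verifyPassword` and the 1024-byte request cap are hypothetical names and values chosen for illustration.

```javascript
// Added illustration: stored record size is independent of password length.
const crypto = require("crypto");

const KEY_LEN = 32;           // bytes of scrypt output kept per account
const SALT_LEN = 16;          // bytes of random salt per account
const MIN_CHARS = 8;          // minimum taken from the "8-20 characters" rule on the page
const MAX_INPUT_BYTES = 1024; // assumed cap on request size, far above 20 characters

// Normalise so the same password typed on different keyboards hashes the same.
function toBytes(password) {
  return Buffer.from(password.normalize("NFKC"), "utf8");
}

// Returns "scrypt$<salt hex>$<hash hex>"; always 104 characters long.
function hashPassword(password) {
  if ([...password].length < MIN_CHARS) throw new RangeError("password too short");
  const input = toBytes(password);
  if (input.length > MAX_INPUT_BYTES) throw new RangeError("password too long");
  const salt = crypto.randomBytes(SALT_LEN);
  const hash = crypto.scryptSync(input, salt, KEY_LEN);
  return ["scrypt", salt.toString("hex"), hash.toString("hex")].join("$");
}

// Recomputes the hash with the stored salt and compares in constant time.
function verifyPassword(password, record) {
  const [scheme, saltHex, hashHex] = String(record).split("$");
  if (scheme !== "scrypt" || !saltHex || !hashHex) return false;
  const expected = Buffer.from(hashHex, "hex");
  if (expected.length !== KEY_LEN) return false; // reject truncated or malformed records
  const input = toBytes(password);
  if (input.length > MAX_INPUT_BYTES) return false;
  const actual = crypto.scryptSync(input, Buffer.from(saltHex, "hex"), KEY_LEN);
  return crypto.timingSafeEqual(actual, expected);
}

// Constructed sample passwords: 8 characters and 64 characters.
const shortRecord = hashPassword("8chars!!");
const longRecord = hashPassword("Lq7#vT2p".repeat(8));
console.log(shortRecord.length, longRecord.length);
```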
Thank you very much. eBay had this same insane nonsense, preventing me from using a secure 64-character password I could store in KeePass. Your method saved the day.
Thank you all so much for clarifying. I can confirm that as of 18/01/2015 bburns' code:
document.getElementById("password").value = "12345678901234567890";
document.getElementById("retypepassword").value = "12345678901234567890";
still works for ebay; I did not test the paypal code.
the ids are now pwdID and retype_password
Well, I think it's stupid to limit the password to 20 chars only.
I mean I use venerable pwgen tool usually like:
pwgen -ync 40
That gives me a 40 character long password containing small/capital letters, numbers and symbols.
Anyway, I was able to enter my generated password like this:
In chromium press ctrl-shift-j,
then go to the Elements tab
then navigate through the html to find the password fields
right-click the <input type="text"....> entries and selected "Edit Attributes"
added value="123456"
(doing it for both new password fields)
and submitted the form.
Update PayPal passwords using KeePass Auto-Type function.
Just create a new KeePass entry with the following Auto-Type sequence:
{USERNAME}{TAB}{PASSWORD}{TAB}{PASSWORD}{ENTER}
{USERNAME} is your old PayPal password
{PASSWORD} is your new PayPal password
That's it. Works until it doesn't.
Apparently PayPal isn't too happy when one calls them and complains about this retarded "security" feature. I believe the fact that I was reading this while on hold didn't help much because they now think I'm intending to "hack the PayPal website if that's even possible" (the consultant's words, not mine). Ah well, I should probably make that payment before I get suspended.
$("#new_password").val("yournewpassword");
$("#retype_password").val("yournewpassword");
from console works
Update: Same old security theatre, shiny new selector
document.getElementById("pwdID").value = "password";
document.getElementById("retype_password").value = "password";
Must be 8-20 characters.
Here we go again:
document.getElementById("password").value = "password";
document.getElementById("retypepassword").value = "password";
Values are pwdID and retype_password.
And we entrust them to our credit cards? lol
Thanks for the Gist
IDs have changed again. They now are newPassword and confirmNewPassword
I had to tryhard a few document.getElementsByTagName("input")[16].id; to find out. |_|
Thanks for updated IDs!
this should work with all the ids:
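(function () { // wrapper so the early "return" statements are legal in the console
    var pw = "password";
    if (pw.length < 8) { alert("Password too short!\nMin 8 chars!"); return; }
    else if (pw.length > 20) { alert("Password too long!\nMax 20 chars!"); return; }
    var ids = ["pwdID", "retype_password", "newPassword", "confirmNewPassword", "password", "retypepassword"];
    var arrayLength = ids.length;
    for (var i = 0; i < arrayLength; i++) {
        // Only some of these ids exist on any one page; skip the missing ones.
        var field = document.getElementById(ids[i]);
        if (field) { field.value = pw; }
    }
    // Re-enable the submit button if this page has one under that id.
    var button = document.getElementById("change_password");
    if (button) { button.removeAttribute("disabled"); }
    //document.getElementsByName("validatePwdForm")[0].submit();
})();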
Couldn't disable Javascript in Firefox without having to restart the browser (or so I read), but this worked great -
ebay
document.getElementById("password").value = "12345678901234567890";
document.getElementById("retypepassword").value = "12345678901234567890";
paypal
document.getElementById("new_password").value = "12345678901234567890";
document.getElementById("retype_password").value = "12345678901234567890";
Paypal's limit was 20 characters, I don't remember ebay's.