PayPal chief says his staff should remember their PayPal passwords. I say he’s wrong

Graham Cluley

David Marcus, the President of PayPal, is upset with staff at the company’s San Jose headquarters.

As VentureBeat reports, he chastised workers in an internal email, telling them to leave the company if they weren’t prepared to install the PayPal smartphone app.

And, he said, you can clear off if you can’t remember your PayPal password as well.

Here is part of what he wrote:

Part of David Marcus’s email (with my highlighting)

In closing, if you are one of the folks who refused to install the PayPal app or if you can’t remember your PayPal password, do yourself a favor, go find something that will connect with your heart and mind elsewhere. A life devoid of purpose, and passion in what you do everyday is a waste of the precious time you have on this earth to make it better.

Hang on a minute Dave.

Isn’t not knowing your password actually a *good* thing?

If you know your password, chances are that you’ve chosen an easy-to-remember password. Or you’re using the very same password in multiple places.

A much more sensible and safer approach would be to use unique passwords for every single account you use. That way, if your email password gets phished there is no danger that the bad guys will use those credentials to access, say, your PayPal account.

Indeed, I would go further and recommend that every password you use should not only be unique but be a complicated, hard-to-remember sequence of characters and numbers (or a gibberish phrase) that is never going to be guessed and would be arduous for even the most dedicated hacker to crack.

Of course, people don’t need to remember their passwords if they are using decent password management software – which can store their passwords securely, and generate a new, random, complicated password every time they need one.

I, for one, have no idea what my passwords are for Amazon, PayPal, email, Twitter, the list goes on…

David – if you *know* your password rather than having a password management program to do that for you, I’m kind of worried.

If you do make the mistake of reusing passwords, you are running the risk of having your password compromised in one place (perhaps via a phishing attack or key logger) and then hackers using it to unlock your other online accounts.

Maybe it’s time to try out some password management software like Bitwarden, 1Password, and KeePass to make your passwords both safer and easier to remember.

Poor old David Marcus hasn’t been having a great week.

On Monday he tweeted that his credit card got skimmed during a visit to the UK.

Tweet from David Marcus, president of PayPal

Let’s hope things get better for him soon, and that he realises forgetting his PayPal password might actually be a good thing.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

3 comments on “PayPal chief says his staff should remember their PayPal passwords. I say he’s wrong”

  1. What an utterly dickish email to send to your staff! I don't use the software which is made by the company I work for but I'm still able to find "purpose and passion".

  2. Ken Jennings

    The problem is; and has always been, STATIC passwords stored on servers that we as users can not control.

    No matter how hard we try to protect ourselves by having long complicated passwords or by changing them frequently, using password vault software, we will still be victimized when the hackers hack the servers we trust to store our passwords.

    If you want to get a bunch of money, do you mug someone on the street or do you rob a bank?

    If you want to get a bunch of passwords, do you hack someone's email account or do you hack Yahoo, or Target, or Comcast?

    We need to STOP using STATIC Passwords
    We need to START using One Time Passwords
    We need to CONTINUE our vigilance to protect our privacy and Identities

    Ask your server operators to STOP forcing you to use STATIC passwords
    @embedprivacy @urqui

  3. Yeah, I agree with you Mr. Cluley, "not knowing your password is actually a *good* thing". I have accounts on 226 different sites and trust me I know passwords of only few of them. LastPass remembers all the passwords for me and I have faith on it more than I have on myself ;) …
