I found out a little nuance in the way you login to PayPal: securely and not securely. Unfortunately, the default is not secure.
When presented to PayPal.com there is a member login and password area. If you login through this, it is *not* secure. Notice http instead of https. If you click on ‘Log In’ it will take you to a secure login web page. https shows up along with the security lock (which shows that the site credentials are for www.paypal.com
Doug
not true, when going to http://www.paypal.com or paypal.com you’re automatically redirected to https://www.paypal.com
check the facts before posting …
If I go to http://www.paypal.com it is not secure because it is http://www.paypal.com. There is no lock on the browser to see if I’m really on paypal.com. The web page may be spoofed. If I enter in my email address and password then click on login I do not have any guarantee that the information is being sent to paypal.com – eventually I see it is redirected to a secure page.
Unfortunately, this flawed technique is popular with banks: you type in your login information on an unsecured page then it is redirected to a secure page. Microsoft and others have warned against this very security problem.
Doug
I’m curious what browser are you using ? I have tried this from 3 different browsers on windows also on linux and mac os. The only thing that didn’t take the redirect right was the old text mode lynx. Whenever typing http://www.paypal.com the browser redirects me to https://www.paypal.com/ *before* I can fill any username/password field. Maybe something’s wrong with the way your browser is set up. But you’re right I have seen the issue you’re describing on other web sites.
I did some investigation. If the email and/or password is saved for paypal.com then it will be redirected to https://www.paypal.com. If no login information is saved then it goes to http://www.paypal.com. I tried this in IE7 and Firefox 2.0.
Of course always clicking on Login brings you to https://www.paypal.com.
Doug