Comments on: Logging into PayPal the Right Way

By: dd

dd — Wed, 06 Dec 2006 22:13:05 +0000

I did some investigation. If the email and/or password is saved for paypal.com then it will be redirected to https://www.paypal.com. If no login information is saved then it goes to http://www.paypal.com. I tried this in IE7 and Firefox 2.0.
Of course always clicking on Login brings you to https://www.paypal.com.

Doug

By: gabb17

gabb17 — Wed, 06 Dec 2006 01:04:25 +0000

I’m curious what browser are you using ? I have tried this from 3 different browsers on windows also on linux and mac os. The only thing that didn’t take the redirect right was the old text mode lynx. Whenever typing http://www.paypal.com the browser redirects me to https://www.paypal.com/ *before* I can fill any username/password field. Maybe something’s wrong with the way your browser is set up. But you’re right I have seen the issue you’re describing on other web sites.

By: webmaster

webmaster — Mon, 04 Dec 2006 18:52:14 +0000

If I go to http://www.paypal.com it is not secure because it is http://www.paypal.com. There is no lock on the browser to see if I’m really on paypal.com. The web page may be spoofed. If I enter in my email address and password then click on login I do not have any guarantee that the information is being sent to paypal.com - eventually I see it is redirected to a secure page.
Unfortunately, this flawed technique is popular with banks: you type in your login information on an unsecured page then it is redirected to a secure page. Microsoft and others have warned against this very security problem.

Doug

By: gabb17

gabb17 — Mon, 04 Dec 2006 08:47:29 +0000

not true, when going to http://www.paypal.com or paypal.com you’re automatically redirected to https://www.paypal.com
check the facts before posting …