by jegoodwin3 3651 days ago
Perhaps the companies involved have been told by their lawyers that choosing a password is a legal action, like an electronic signature, that must be performed by a human, letter by letter, to have certain legal ramifications.

It is only stupidity if you assume the only purpose of a password (or a physical key) is security, and not also authorized entry. It may still be a poor engineering solution to the requirement (because engineers were told the solution, not asked to meet the requirement). But it is wrong to assume there is no reason for the requirement.

You can't paste your legally binding electronic signature either, I'll warrant. I've had to type out my name plenty of times, in digital contracts, even though my browser is quite capable of auto-filling.

3 comments

This is all made up nonsense. You can paste your signature, choose some random image to represent your signature, or even merely click to sign. Have you used Docusign? HelloSign? Document signing in Mac Preview? Please don't spread FUD.
The companies involved have specified a protocol for communicating your chosen password to them. Namely, the well known "spelling protocol" whereby you repeat your choice, letter by letter, to the other party. They have gone to some pains to enforce that protocol.

The article advocates breaking the bank's protocol for your own convenience because you supposedly know more than the other party. In general, in life, this is bad advice.

Please do not ask people to do things against the will of the other contracting party for their own convenience, without considering the risks of doing so.

You know, we all -- us individuals -- have our own protocols as well. These don't always align with yours.

This may be hard for you to grasp.

I think they were being sarcastic.
> Perhaps the companies involved have been told by their lawyers that choosing a password is a legal action, like an electronic signature

That might be plausible if anyone actually thought that.

E-contracts require typing out a signature, not a random phrase.

> It is only stupidity if you assume the only purpose of a password (or a physical key) is security, and not also authorized entry.

What's the difference really? I'm either way blocked from accessing my account. I don't give a damn what some idiot nontechnical lawyer put into the ToS. I find these kinds of services annoying anyways and the first sign is usually forcing me to pick a less secure password.