
So, this is just someone on the BritishGas twitter account. We do not know if that person is repeating accurately what they've been told or just making stuff up.

Assuming they asked the correct people in BG website accounts security, and those people said "it's to prevent brute force attacks" we do not know if that's the real reason they do it or if it's just what they say to people who ask.

What is really frustrating is that there is no possibility of getting this changed - allow people to paste their passwords and use rate limiting to catch brute forcing.

Having said that, some aspects of BG's computer system are horrific for customers so I don't doubt that they do stupid things for stupid reasons.



Thank you! I get amazed every time the internet freaks out because XYZ Company confirms "blah", when in reality, it's just a single service rep, who probably just wants to get you off of the phone.


It's way worse with the advent of social media consultants/reps because their stupid explanation gets saved for the entire world to see, even if it's about a section of a multi-billion dollar company they have no idea about. Low level reps have never had such an impact on companies as they do on social media.


As if blocking pasting actually stops brute force attacks... Can still just write a script that repeatedly makes those HTTP(S) requests. They accomplished nothing except annoy their more technically advanced users.

Do they think a brute force attack is done by someone copy-pasting in passwords?


The reason is irrelevant - there is no reason why you should do this.



