If it increases the attack surface at all, it makes it easier. Being that this site facilitates monetary transactions, I would hope they would be trying to limit their attack surface in any way possible.
I think the real point here is that there are more secure solutions. Saying that it's not all that less secure isn't a great argument.
>I think the real point here is that there are more secure solutions. Saying that it's not all that less secure isn't a great argument.
I'd say it's a very good argument, this appears to be a non-issue that doesn't justify the dev time spent on "fixing" it. We don't live in a world with infinite dev resources.
Edit: Since someone appears to disagree, how would you exploit this "bug"?
Unfortunately this only helps protect a twitter account. It doesn't protect against the greater concern, where the password has been cracked and the user has reused the password on other sites.
Or being part of a culture where "sleep is for the weak".
Certainly folks at the bottom of the economic ladder are sleep deprived due to needing to work multiple jobs and take care of kids. But there are a lot of high-status communities that put a positive value on sleep deprivation. I hear from multiple sources that this is true in medicine. I know from experience that this is true at MIT.
Those cultures need to change. There is no good reason for an introductory computer architecture class to make its assignments due at 6am.
When I was an undergraduate TA in Computational Physics, we had a deadline of Monday 8am, which arised from a technicality: At Monday 8am, a cron job would download the submissions from the designated mailbox, and print them, so that we could pick them up for grading when we came into the office that morning.
You're absolutely right though. It would be more sensible to have the cronjob run at Sunday 8pm instead, given that nobody is in the office until Monday morning anyway.
How does sexual harassment further the aims of the team?