Hi, Saul and everyone, I’m new here,I started reading on this board in July. I can say it’s a life-changing experience for me to learn how to invest in growth stocks. I have read a lot of growth stock investing books but nothing comparable to what I’ve learned here on this board from Saul and quite a few other experienced investors. Really appreciate that.
Today since the board is super quiet I want to contribute something for a discussion.
It is my own experience with docusign. We are refinancing our mortgage so our agent sent the documents for us to sign. She sent to my husband email address so I reminded him to sign. Then we find out if I just click the link in the email, I can use his saved signature to sign for him without any further confirmation of his identity. It immediately raised my concern. We believe Gmail is pretty safe, but how about people using not that safe email address overseas and if the email address is hacked, can someone else sign for him? I’m not a techie but can someone please provide some knowledge about security with docusign, really appreciate it!
My understanding, as a non information security expert, is that Docusign takes in a number of additional variables when you sign including IP address and MAC address. So if in the case someone from over seas were to hack into your email account and sign for you, Docusign could see this based on location data.
Source: Motley Fool Money Podcast with CEO Dan Springer https://www.fool.com/podcasts/motley-fool-money/2020-06-19-r…
If it’s anything like Adobe eSign, the MAC and IP Addresses are added to the audit trail along with all your actions using the mouse to sign, as evidence that the signing action took place.
As for authenticating the signers identity, having access to the e-mail account (which presumably was previously verified as belonging to the signing party) is definitely a means of authentication, albeit with a low level of security. I guess for the notary this is sufficient.
Docusign does provide higher levels of authentication, such as verification using photo ids and such:
https://www.docusign.com/products/identify
Identify your way
DocuSign Identify has a spectrum of choices for organizations that need to identify signers beyond the standard practice of clicking an emailed link.
DocuSign ID Verification is fully integrated with DocuSign eSignature, enabling customers to securely verify signers’ identities prior to accessing the agreement. DocuSign ID Verification supports government photo IDs and European eIDs by analyzing the document security features and matching the name on the agreement against the name on the ID. After a successful verification, the signer can view the agreement and sign as usual.
This latter method of authentication is probably required for more sensitive signings, such as for opening a bank account.
Docusign takes in a number of additional variables when you sign including IP address and MAC address.
So, if you are privacy/security minded and you regularly use a VPN or other means to protect your information, which also disguises your IP address, what happens?
Also, and I admit this isn’t my strong suit, I don’t believe your MAC address is available from a browser unless you’ve download a plug-in (or you’re using an app). Your ISP knows the MAC address of your router, but not of your machines inside.
Also, and I admit this isn’t my strong suit, I don’t believe your MAC address is available from a browser unless you’ve download a plug-in (or you’re using an app). Your ISP knows the MAC address of your router, but not of your machines inside.
At our marina WiFi access was granted to MAC address to prevent people from sharing the passwords. I have no idea how it’s done but you don’t need any plug-in or app, the browser is all you need.
Using MAC address makes little sense for DocuSign because it ties the user down to one device, the user could not use an internet cafe, for example.
Denny Schlesinger
At our marina WiFi access was granted to MAC address to prevent people from sharing the passwords. I have no idea how it’s done but you don’t need any plug-in or app, the browser is all you need.
The browser isn’t involved here. It’s the “marina”'s router that knows the MAC address of everything that tries to connect to it. That doesn’t get passed on to web sites you visit.
In addition, browsers don’t send the MAC address to sites you visit.
Using MAC address makes little sense for DocuSign because it ties the user down to one device, the user could not use an internet cafe, for example.
If it’s a different computer than you have used in the past, that can be contributory information if you later try to challenge a claim that you signed something. Docusign does claim that they collect MAC address if you use their app, which makes sense.
Note that Docusign does support two-factor authentication, so you’d need some kind of personal device to be able to log in. I don’t know if you can specify that docs to be signed are signed only by accounts using MFA or the Docusign app.
I did find out that while Docusign supports Notarization in some US states, you still have visit a Notary Public in person. But, at least the documents are all on-line.
My guess is that the contract that the initial poster was referring to was either acceptance of an offer or the making of an offer to purchase real estate; the identity issues present that early in a legal process are not that significant, because there are two real estate agents involved at the beginning with clients, and the process typically progresses to attorney review on both sides. Identity issues would typically be either sorted or or identified in the more rigorous parts of the process.
And, Docusign not only has documents for notarization, they have a videoconferencing notarization process (with a notary on one end) that can be used in states allowing such circumstances. 2020 has been pivotal in advancing such innovations, of course.
https://techcrunch.com/2020/07/07/docusign-acquires-liveoak-….
The acquired LiveOak process includes video conferencing, according to that link.