Am I being mansplained?

Last night as I was creating a new account on a shopping site, I ran into an issue. As I filled in my information, I noticed the password was restricted to “8 to 10” characters. This immediately made me hesitate a bit to continue, but I dialed my generator down to 10 characters and continued on anyway. After 3 attempts to create an account returned an error (displayed as a red bordered div with a lighter red background, but no text whatsoever, without so much as a flag on the fields) I had my partner look over the form to see if I was somehow missing a required field … and she wondered if it was that I was using special characters in my password.

It was.

At that point my account was created, so I finished my transactions and sent in a comment to the site manager via the feedback form explaining my security concerns. Short version: this limitation steers users towards seriously weak passwords! A bit more background, here. I’m a web developer. While I’m not a security specialist, I do know a bit about the subject, how encryption works, and strong passwords. I will certainly entertain arguments about what makes a strong password, but 8-10, case sensitive, alphanumeric characters, doesn’t even make the running.

Today I received an email from a customer support rep (some information redacted). One important point, most of (Business)'s customers identify as women:

Dear (My Name Here),

My name is Tony, and I will be assisting you today. Thank you for
contacting (Business) Customer Support.

The use of the latest cutting edge technology ensures that your shopping
experience will be safe and secure. We encrypt your personal
information, including your name, address, and credit card number when
transmitting over the Internet using Secure Socket Layer (SSL) security
software. We constantly update our security procedures and enhance our
site to meet the very latest encryption standards. We retain a third
party security firm to audit our procedures to ensure compliance with
these standards. All of your sensitive information is scrambled before,
during and after your order is placed on our site.

You may notice an unbroken key or a closed lock at the bottom of the
page when you enter our “check-out” page. This means that your browser
has opened a secure connection with our site! You can also check by
looking at the URL line of your browser. When accessing a secure server,
the first characters of the site address will change from “http” to

Read our corporate Privacy Policy to understand how we protect your
privacy and your security when ordering online. (Business) is a highly
ethical company and requires the highest standard of conduct from our
employees and business partners. As members of the Direct Marketing
Association (DMA), the largest association of consumers and businesses
interested in direct marketing, we adhere to the Guidelines for Ethical
Business Practice, Shopping and Consumer Rights and the DMA’s Privacy

Initially, I read this with a kind of “yeah, yeah, nothing useful here …,” but then it hit me: Holy crap, I think I’m being mansplained! The first paragraph really has a kind of “there, there, don’t worry your pretty little head” feeling to it, but when they started to explain to me how to confirm a web page is (supposedly) secure? Yeah, I might be passingly familiar with the concept, but what does this have to do with their weak password policy?

So am being mansplained here? This is certainly most likely their canned response to security questions, but it still feels very insulting. I’ll admit my own bias here, as Tony could be female or genderqueer, but I still feel very much like I’m being talked down to here, especially since this is pretty square in my own field. I actually considered cancelling my order and deleting the account. I may still delete the account, but I’m kind of torn on the order … that’s still at least a maybe, though.

So, happy mutants … thoughts? Options? Hell if nothing else, I guess it means I’m genuinely being accepted as female (or non-male), at least for some purposes.


To me, that reads like protypical corporate speak calibrated for the median (read: not terribly tech-literate) user. No sexism required when you assume that your median client user knows less about encryption than today’s ten year-olds.


To me that reads as boilerplate garbage. The only thing that changes each reply is the name of the recipient.

Test it.

Make an account with a super hyper masculine name “Brock Masterson” and make the same complaint but with a lot of "bro"s and "dude"s thrown in.

I bet you’ll get the same response back, word for word.


I see it as being user-splained. But… dude here so it might be a blindspot for me.


You could try submitting another security question from an account with male gender signifiers, but I would be pretty shocked if you got back anything other than the exact same verbatim response.

The only question in my mind is whether Tony is a human who has roughly tried to line up your question with one of the canned answers, or if it’s a bot


Jinx! :wink:

And I bet bot.


I owe you a soda!

Either a bot, or someone making minimum wage in a country that isn’t the US.


An over-the-top masculine guy using a website that caters to women. Nope, not hiding anything, totally honest with himself…


Where does it say it caters to women? O_o

1 Like

[quote=“awfulhorrid, post:1, topic:86517”]
One important point, most of (Business)'s customers identify as women:


Well, I did assume that most of the customers of the site identify as women. The site sells feminine clothing, so it’s a fairly safe assumption.


Yeah, I do suspect you’re correct, although that’s still a lot of condescension in that boilerplate. I actually brought it among some of my web development associates on campus (without too many details) and the reaction to that password scheme was fun. (Including lots of hesitation to trust a site with security like that!)

At the least, I think I am going to reply to the contact and continue the conversation.


Patronizing boilerplate non-answer, but practically indistinguishable from the patronizing boilerplate non-answers I’ve seen from male-oriented sites I’ve bothered to express concerns about (also a web dev), so… hard to tell. Probably not?

I mean sort of the same mindset - they see your opinion as worthless because of who you are, but I don’t get anything sexist from it so much as a general contempt for their customers in general, which could have sexist origins but is pretty common in the industry without it.


Gotdammit I scanned twice looking for that and missed it both damn times! Stupid eyes!


Hah I like that, and that seems accurate to me.


Sweetie, you’re not being Mansplained. Let me explain what mansplaining actually is…



You forgot the leading, “well…”. Nice try, though.


's a good name. Name like that, you could tag-team with Flex Rumblecrunch and Blaster McMassive.


OK, this made me laugh!

Now I feel bad for starting my comment above with that. Gah!


I’d agree with that. For that matter, it is entirely possible that the response is boilerplate being sent by an employee who isn’t terribly tech-literate either. From the standard “customer is concerned about site security” folder in the file drawer…