Tech Graveyard/authentication
The Wet-Ink Signature (Ancient to Dying)
I spent a career building consent into software, and the whole time the legal system ran on a squiggle a child could forge. The wet-ink signature was security theater that lasted three millennia. It is finally dying.
Born -1000 · Still dying · Status: dying
Certificate of Death
Name of decedent
The Wet-Ink Signature
- Born
- -1000
- Died
- —
- Age
- 3026+
Cause of death
Remote work and digital contracts made physical ink impractical, and e-signature was both faster and more verifiable. Cryptographic signing then made the handwritten mark legally and technically redundant.
Survived by
Real-estate closings, certain notarized and witnessed documents, wills in many jurisdictions, and ceremonial signing of treaties and bills.
Invented by
Articulated by ancient scribes and seal-bearers; codified into common law by centuries of contract doctrine and the 1677 Statute of Frauds.
The hook
A handwritten signature proves almost nothing. It can be traced, forged by a teenager, or scrawled differently every time and still hold up in court. We built three thousand years of law and commerce on a mark that fails every test we would demand of a password. Why did we ever trust it?
Thesis. The wet-ink signature was the longest-running security control in human history and one of the weakest. It is dying because cryptography can finally do what ink only pretended to do: prove who consented, to what, and when.
The story
Origin: a mark that stood in for a person
Long before literacy was common, people sealed agreements with a personal mark, a cylinder seal, or a signet ring pressed into wax. The point was never the handwriting. It was the claim that a specific person had been present and assented.
Common law eventually formalized this. The 1677 Statute of Frauds required certain contracts to be signed, and the signature became the legal hinge of consent. By the modern era, the squiggle at the bottom of a page was the difference between a binding contract and a worthless draft.
Peak: the notarized, witnessed, wet-ink document
Through the twentieth century the signature was everywhere: checks, mortgages, employment contracts, treaties. We layered ceremony on top of it to compensate for its weakness, notaries, witnesses, embossed seals, and initialing every page.
At its 1990 peak, a single house purchase could require dozens of wet-ink signatures across paper carried by courier. The ritual felt serious. It was also almost entirely unverifiable after the fact.
The shift: e-signature unbundled the ink from the consent
The 2000 U.S. ESIGN Act and UETA gave electronic signatures the same legal weight as ink. The EU followed with the eIDAS regulation in 2014. DocuSign, founded in 2003, and Adobe Sign turned signing into a click with an audit trail attached.
This was the quiet revolution. An e-signature is not a picture of your handwriting; it is a logged event with a timestamp, an IP address, and a tamper-evident record. For the first time, the system captured more about the consent than the mark itself ever did.
The death: cryptography retires the mark itself
E-signature retired the ink. Cryptographic signing is retiring the signature. eIDAS qualified electronic signatures, FIDO2 and WebAuthn signing, and W3C Verifiable Credentials bind a consent event to a private key only the signer controls.
The handwritten squiggle has no place in that chain. When consent can be proven by math, scoped to one document, and revoked, the symbolic mark becomes the weakest link you would deliberately remove. By 2030 wet ink survives mostly as ceremony.
Key data points
- The 1677 Statute of Frauds first required signatures for certain contracts to be enforceable.
- The U.S. ESIGN Act took effect in 2000, giving electronic signatures legal parity with handwritten ones.
- The EU eIDAS regulation, adopted 2014, defines simple, advanced, and qualified electronic signatures.
- DocuSign was founded in 2003 and helped make audit-trailed e-signing mainstream. [verify]
- Handwriting comparison has no standardized error rate and forged signatures routinely pass casual inspection. [verify]
- A qualified electronic signature under eIDAS carries the same legal effect as a handwritten signature across the EU.
- FIDO2/WebAuthn signatures are bound to a private key held in hardware that never leaves the device.
Contrarian angle
The handwritten signature was security theater that ran for three thousand years and underpinned all of law and commerce while proving almost nothing. There is an identity lesson buried in that. You used to POSSESS a signature, a personal mark you owned and reproduced from memory. Now you AUTHENTICATE a consent event with a key you control but never see. Ownership became access. The unsettling part is not that ink is dying. It is that cryptographic consent is the first time consent has ever actually been provable, which forces the question of why we trusted a forgeable squiggle for so long.
The flip side
What replaces it
The paired prediction in Future Tech.
Read the predictionFAQ
Is a handwritten signature still legally valid?
Yes, it remains valid for most purposes, and a few document types still require it. But it is no longer the most verifiable option, and e-signatures carry equal legal weight in the U.S. and EU.
How is an e-signature different from a photo of my signature?
A photo proves nothing. A compliant e-signature is a logged event with a timestamp, identity verification, and a tamper-evident audit trail. The record, not the image, is what holds up.
What is a cryptographic or qualified electronic signature?
It binds a consent event to a private key only you control, so the document cannot be altered without breaking the signature. eIDAS qualified signatures and FIDO2/WebAuthn signing are examples.
Why was the wet-ink signature considered weak security?
It is trivially forged, varies every time you write it, and is almost impossible to verify after the fact. It proved presence by convention, not by evidence.
Will physical signing disappear entirely?
Not soon. Real-estate closings, some notarized documents, wills, and ceremonial signings will keep wet ink alive for years, mostly as ritual rather than as a security control.
More from guptadeepak.com
Want the technical deep-dive on what replaces this?
Read the companion articleRelated obituaries
More from the authentication graveyard.
1961 — Dying
DyingThe Password
I built a CIAM platform that handled 200 million password resets a year. Even from inside the industry, I missed how fast passkeys would flip the model.
Cause: Apple, Google, and Microsoft simultaneously defaulted to passkeys
authentication · Peak 2010 · Final breath 2030
2011 — Dying
DyingSMS-Based MFA
The most cited example of cybersecurity inertia. NIST deprecated SMS MFA in 2017. It took SIM-swap attacks on Coinbase and Twitter founders to force action.
Cause: SIM-swap attacks on high-profile accounts forced regulatory action
authentication · Peak 2018 · Final breath 2027