SwiftOnSecurityOne of the biggest security expertise redpills is this is unironically a good idea and the time spent making fun of it was ill-advised for most users whose physical security threat is not a factor in comparison.
Overcoming the incentive to dunk on “users” behavior is an important element in maturing your security understanding. You have a set of levers to pull. Human nature is not one of them. Deal with that or be a righteous failure.
Edginess and denigration is not a measure of effectiveness when your subjects’ success is the criteria. I fear some see Security as a way to be a veto of correctness – rather than a mediator of implementing a solution. The former easy, the latter a lifetime of work.
NosirrahSec 🏴☠️ guillotine enthusiast@SwiftOnSecurity Been on the, "written in a book is better for 90% of use-cases" train for a while now.
I AM BANKSY ☕ / 🗑🔥@xinit @SwiftOnSecurity Exactly!
I tell my clients' users that reusing your password from another service is nearly the worst possible thing you can do.
A unique, weak, password is almost preferable than a reused password IMO. (if other mitigating factors are in place, rate limiting, mfa, etc.)