@patrickcmiller

impatience, naivety, overconfidence

How about lack of relevant education from their olders combined with companies specifically MISEDUCATING them?

Budget-conscious youngsters may be more inclined to look for such content on third-party app stores, forums and other sites.

Actually... this is a normal and good behavior. They are just missing massive swaths of foundation to do this safely.

Only going with Major Brand Downloading Sites has not exactly been good for privacy, and leads to content getting lost at the whims of the host.

Always stick to official app stores

Put google's bullshit in that threat model or so help me

Deploy security software from a trusted provider to all PCs and devices.

Way too vague. Put Norton's bullshit in your threat model or so help me

Put Nord's bullshit in your threat model or so help me

to share knowledge, and communicate risk with empathy and understanding.

Well yes... but also... we need to share the Old Tools with them as well. What they are doing is Not New, and they need access to the whole woods to do it correctly, not just a gated garden.

Let's teach em how to use popularity to judge a tool, how to swing a proverbial hammer, and what preditors are out there, then let em go build their own forts.

They're clever kids. They're just missing some key knowledge.

@patrickcmiller

Deliberately sensational headline for clicks; buried lede:

In an email FIDO Alliance CEO Andrew Shikiar cast doubt on the seriousness of the vulnerability. “The attack described here does not reflect a vulnerability in passkeys or FIDO protocols,” he said. “Rather, it illustrates the importance of service providers moving entirely away from passwords and other phishable sign-in methods as soon as possible."

See the replies in my thread here for why:

https://infosec.exchange/@tychotithonus/115030865003149160