What scares me most

What I don't understand is that the icon is a bin; do these people store important paperwork in a real-world bin?

Or put anything, of any type, that's important to them in a container with the triangular-arrows recycle mark?

This is why I can't fathom how the real-world direct parallels to the icons used don't seem to register, at all, for some. The picture has literally been painted, and those thousand words packed into it. "If it were a snake, it would've bit 'ya!"
 
And we're right back to the well-known, and oft-stated truth: The end user is the most substantial risk factor for security compromises - the weakest link in the security chain.

Yesterday's Twitter breach is a vivid demonstration of that fact.

Not bothering to keep track of your own PINs/Pass Codes/Passwords is a big security issue. And that's whether you're giving them to other people or not knowing your own when it's needed.

Read Kevin Mitnick’s book “The Art of Deception.” A very eye-opening look into this issue.
 
Gotta love “Jane the Office Manager” with passwords on Post-it notes... either stuck in her monitor or, worse yet, on the bulletin board behind her chair where they can be easily read by anyone in the Zoom meeting ...
 
Passwords are a nightmare very simply because virtually all the "user education" about them involves trying to convince people to use secure passwords (a good thing, in and of itself) that are completely impossible for them to remember (a horrible thing, and the reason we have the Post-It notes situation to begin with).

Yes, password managers exist, and I support their use, but you have to remember a password to get into your password manager, so that's got to be something that's memorable to you to begin with. I also don't use, and don't support using, the password generation feature of password managers because they create gobbledygook that no human is going to be able to remember. Who among us has not had need to access something of our own that is password protected when we do not have access to our password manager if we use one?

That's why I "invented" (I'm sure others have used this sort of formula, too, but I did my own write-up) The Portmanteau Method of Creating Passwords. This allows for the creation of passwords that are way more than long enough to be secure, and not involving common dictionary words in typical order, that are very easy for the given user who's generated that portmanteau and applied it consistently to remember (or even to get right with a couple of guesses if they don't) and to enter, as most of it becomes typing muscle memory.

The sooner that the computer security gurus dispense with the idea that they do not need to consider what human beings do, and are actually willing to do, as part of implementing account security the better. We've already had decades to observe that end users will, very deliberately and consistently, subvert security measures that are grossly inconvenient, making things far more insecure than they'd be if a method that is inherently less secure, but consistently easy to apply, were being used. "Going at this backward," and pretending you can and will have a more secure environment when you're forcing human behavior away from it by attempting to be overly careful does not work. Never has, never will.
 