This can be a useful idea, requiring a checkbox on password managers, e.g., "[ ] Pause for additional input".
No one ever answers how often security breaks are from: passwords being guessed, brute forced, or shared; client side compromise from malware, keyloggers, and first-hop IP session takeover; or server side compromise from poor custom code and poor infrastructure choices. Anecdotally, the chart leans to the server side security breaches.
In the absence of knowledge, we get two security talks repeated over and over. This is the first: do a better job with passwords. The second is "You are irrovacably insecure because of [some issue], but update your passwords regularly."
Security has not developed a reputation for being a craft or science.
> No one ever answers how often security breaks are from: passwords being guessed, brute forced, or shared; client side compromise from malware, keyloggers, and first-hop IP session takeover; or server side compromise from poor custom code and poor infrastructure choices.
It's really hard to get those guys to fill out questionnaires.
No one ever answers how often security breaks are from: passwords being guessed, brute forced, or shared; client side compromise from malware, keyloggers, and first-hop IP session takeover; or server side compromise from poor custom code and poor infrastructure choices. Anecdotally, the chart leans to the server side security breaches.
In the absence of knowledge, we get two security talks repeated over and over. This is the first: do a better job with passwords. The second is "You are irrovacably insecure because of [some issue], but update your passwords regularly."
Security has not developed a reputation for being a craft or science.