Blaming users is dumb. Attachments are meant to be opened, links are meant to be clicked, and login forms meant to be filled.
Replying to @botherder
If you tell me it's the users' fault, I'll think you have never seen how real-world attacks are being orchestrated.
Replying to @botherder
Any decent adversary will make the attack credible, engage with fake personas before delivering it, and often impersonate trusted contacts.
Replying to @botherder
You need to educate users on risks but more importantly on how to apply a security model. You can't expect them to become malware hunters.
Replying to @botherder
If a user gets phished, it's because they weren't equipped with U2F tokens, not because they clicked on the link.
Replying to @botherder
Or (less inconvenience to user) because they knew a password to begin with and policy didn't have pw manager & all random pws.
Teaching/allowing users to manually create & enter passwords is the core security UX & technical flaw here.