
"Use a password manager" is so much easier to explain and teach.


Did you know that the CIA was one of the early investors in 1Password?

Not seriously, but I'm just saying. If you are really concerned about security I have a hard time understanding this concept.


And when "Aunt Tillie" installs a keylogging trojan, it's Game Over. Not only that, but she had no idea how to make backups.

A paper pad, on the other hand, is extremely secure against cyberattack, and she has tons of experience with managing it and creating backups. And it's almost what she was gonna do anyway.


Oh, right. I forgot that users no longer have to key in passwords after they have been recorded on a paper pad. Paper pads are extremely secure (sic).


I think the point is that these schemes are still vulnerable to one of the most common types of malware. It speaks to the fact that by far the greatest threat to your password security is from cyber sources, and likely not from your physical desk, so we might as well take advantage of that to help people out.


> > A paper pad, on the other hand, is extremely secure against cyberattack

> Paper pads are extremely secure (sic).

Stop right there, asshole. You're doctoring quotes and changing their meaning. That's not the correct usage of (sic) either.

> I forgot that users no longer have to key in passwords

1. Not all passwords are commonly-entered.

2. Passwords collected together in a defined file format are a richer target than ad-hoc collection through forms-with-password-fields used in one of multiple possible browsers.


Most people aren't worried about being secure from the CIA, we're worried about being secure from random criminals at the airport or the cafe. If the CIA wants you, they can just kidnap you and lock you away anyway.


A password manager is another tool that the user needs to learn, another moving part in a system that really shouldn't be so complex.

It's good advice, but it's by no means simpler than the alternative.


"in a system that really shouldn't be so complex" [citation needed]

Do you actually have a less complex way to reliably identify a person at the other end of a computer network?

(physical keys using NFC stuff are pretty exciting, but the tech isn't in place yet... until then we're stuck with "something you know" and the limits of human memory vs computer power)



