Someone tried or has been able to guess my password?

The trouble with explaining how passwords and security systems even work is that rank-and-file users have a tendency to latch onto one single detail and conclude that the whole system revolves around it. That does lead to some erroneous conclusions about how safe/effective the security system even is, how it's supposed to work, and what it will protect a given user from.

Take, for example, locks. Most of the time, a gate lock will deter thieves and casual trespassers like dogs and cats and other people's kids. But if you're shopping for a lock for your dwelling's door - think about what the door is meant to keep out - not just casual trespassers, but also weather, but also sound, someone who's determined and capable of breaching that lock - not only the door itself needs to be built for the purpose, it needs to have a locking mechanism that matches the duty of the door - you can't have a flimsy, easy-to-break/pick lock on your apartment door.

Similar patterns apply when deciding on a security system for the digital assets. Yeah, the decision is ultimately up to the user, who considers the tradeoffs between efforts required vs. benefits derived and pitfalls avoided. But sometimes latching onto a pitfall or benefit derived, without considering the bigger picture - that's what I mean by missing the forest for the trees.
 
Password generators:
The one that was in DEC VMS was pretty cool. It would try to generate something that actually looked like a word you could pronounce; that made it easier to remember.
VMS was/is quite a secure OS, but the sysop's practice of forcing users to change their password regularly was its weakest point. It was very easy to make and inject DCL which would mimic the official one, and steal "renewed" passwords (talking here about .edu/.ac settings, not corporate ones). That's how I got access to X.25 privileged accounts (every professor had it), and my access to the internet back in ~'92. 😇

The person who taught me this also showed me a simple way to type a password in the terminal room when other students were present – type a few chars, ⌫ a few times, type some more gibberish, ⌫ again, rinse and repeat and hope that others weren't observant enough to catch what you actually typed.