We all know that social engineering happens.
Adding more hoops for users to jump through won't stop social engineers from conning people into jumping through the hoops.
But it will frustrate legitimate users.
@jsnell @dcrooks @9to5Mac it really sounds like you are not considering the case of intimate partner surveillance, which is what this sounds like a defense for to me. I am not sure this is the perfect solution to the problem, but “remind me never” is not tenable if an abuser might have physical access and your password at a point in time; it’s important to never give *anything* infinite silent background persistence.
@dcrooks @jsnell @9to5Mac I don’t really disagree, this does seem like kind of an arbitrary cadence that probably privileges Apple’s own products in dubious ways (do you have to re-enable FaceTime’s camera and screen recording access every week? I am guessing “no”) but still that is the sort of problem that needs to be reckoned with here.
They have really outstanding, experienced staff (which feels redundant to say) - agreed.
@jsnell for what it’s worth this is why I qualified with “sounds like”. I did not mean to tell you that you don’t care about or don’t know about the issue, just that you didn’t mention it here, and given that (as far as I know) that is *the* problem being addressed by this sort of over-alerting, its absence is notable. Sorry that I implied otherwise.
@jsnell @9to5Mac Yes: agreed.
And something that’s really important - e.g. with phishing - is that users are our best defence - we need to encourage users to help, rather than acting like they’re obstacles.
Imagine a security team of thousands of users, all of whom have the tools to engage rather than being frustrated?