
Software Exploits Aren't Needed to Hack Most Organizations - empressplay
http://www.darkreading.com/operations/attackers-playbook-top-5-is-high-on-passwords-low-on-malware/d/d-id/1326667
======
thomasrossi
I totally agree about "[attackers] prefer to use system weaknesses over
software exploits" for the reason mentioned (if you use someone password
chances are no alarm will ring, if you scan every port on every possible
network.. meh, you may get noticed).

I've seen a growing number of systems tracking the fingerprint of the user not
only the password (e.g. salesforce), I think that is the way to go because it
is very difficult to train users against every possible social exploitation.

