Hacker News new | past | comments | ask | show | jobs | submit login

It is clear that user is the biggest risk in all systems, but that doesn't quite take away from the more important addressable question - specifically - is a password-less method better than what we do today (aka passwords.

I'd take a hunch that the number of users with easily guessable passwords outweighs the number of targeted malware attempts.

But I need not guess, any of the password dump files provides a good statistic showing % of passwords.. what was it something like 0.6% are still 123456? and another 2-4% some similar-looking cousin?

If we go with this logic - we also wind up getting extra wins: better usability, and cheaper to deploy/manage. But that's a whole other topic.

Applications are open for YC Summer 2023

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact