It is clear that user is the biggest risk in all systems, but that doesn't quite take away from the more important addressable question - specifically - is a password-less method better than what we do today (aka passwords.
I'd take a hunch that the number of users with easily guessable passwords outweighs the number of targeted malware attempts.
But I need not guess, any of the password dump files provides a good statistic showing % of passwords.. what was it something like 0.6% are still 123456? and another 2-4% some similar-looking cousin?
If we go with this logic - we also wind up getting extra wins: better usability, and cheaper to deploy/manage. But that's a whole other topic.
I'd take a hunch that the number of users with easily guessable passwords outweighs the number of targeted malware attempts.
But I need not guess, any of the password dump files provides a good statistic showing % of passwords.. what was it something like 0.6% are still 123456? and another 2-4% some similar-looking cousin?
If we go with this logic - we also wind up getting extra wins: better usability, and cheaper to deploy/manage. But that's a whole other topic.