|
|
|
|
|
|
by gkya
3700 days ago
|
|
|
I do see what you're saying and I agree completely. But maybe I'm bad at telling my point: How can a secure OS help keep me from putting my credentials into a phishing webpage? How can it prevent me from setting my Facebook/Gmail password as riley89angel? How can it keep me from writing my passwords into plain text files? This is why I think user education is at least as important as a secure stack, and should be considered by the states worldwide as a lesson in the public schools, ASAP. Our lives are going completely online, and most the people don't know what to do and what might happen. |
|
|
I'll add that user education has mostly failed. The recent consensus in INFOSEC is we need to design solutions where it's hard to do it insecurely and still easy to use. Signal messaging app is a great example of that. Another is Combex's PowerBox scheme for permissions on files where file dialog transparently grants a single file's access to app when user uses it. OS or runtimr protects its security. But, what user is giving to what application is clear even without technical knowledge.
So, education plus better design like I described is next steps.