by nine_k 1245 days ago
I suppose the idea of denying by default (#1, #2) and the idea of defense in depth (mentioned at the end) aged well enough.

I'm not sure about educating users. It's obviously not going to be a bulletproof solution. But not educating users at all also does not seem right either: it's hard for a person to care about stuff they have no idea about.

1 comment

The better way is to make the secure path the easy path. You don't have to educate users to do something that makes their life harder, you can educate them in an easier way to do what they want. That's far more likely to stick.

Usability is a security issue; at the ultimate extreme a DoS attack is just creating a very poor user experience.