[cedilla]

Wait, a thousand fold decrease is not worth it?

Your numbers literally turns a scenario where 200,000 accounts are hacked into one where 200 are exposed. Or one where 30 hacked accounts turn into 0 hacked accounts.

There is a point where a difference in quantity becomes a difference in quality. I far prefer the latter scenarios.

[cqqxo4zV46cp]

Anybody (like GP) that doesn’t understand that this is entirely the nature of security work, should not be making any material decisions about security.

The number of times I’ve seen DEVELOPERS neglect to implement materially useful security measures because “they’re not technically perfect!” Is astounding.

[marcus0x62]

The number of times I’ve seen purported security practitioners dismiss materially useful security measures because of some theoretical attack that nobody has ever seen in the wild in recorded history outside of stunt-hacking at Defcon is…probably higher