[marcgg]

I'm not trying to outclass anyone, I'm simply not sure that this is the right solution and so far I'm fully convinced by what he said. I'm sure he's way smarter than I and I'm probably missing something. Take everything I say as it is: a comment on the internet.

This being said, security through obscurity is never an optimal solution, but again going back to my "safe" analogy (not unbreakable, just hard to break). If a hacker wants to change the password, it takes a few clicks to locate a site where the user could be logged in. Then the clicks required to get a new password. Add the delay of email reception and so on... It takes more time and effort to do that than just click "show me all the passwords" and take a photo with a smartphone. Plus doing so will give you 1 password only.

About the keyboard presses count, let's say I use both mouse and keyboard.

ctrl+, (shortcut to settings) click to advanced click to manage click show

It's 4 operations. In my opinion, it's way shorter to do that and get ALL the passwords of a given user than try to change the Facebook password. Again, and I'm really stressing this out, it's not about making an unbreakable system. It's just making it a bit harder to break.