But if we asked users "Choose one: the ideal convenience of being able to log in with just your username (but anyone who knows your username can login as you), or the inconvenience of having to enter username plus a secret password?" almost all users would choose the security over convenience, because they would understand the risk/reward. I think users care more about convenience than _theoretical_ security, and that we owe them education on how security impacts them directly.
No comments yet.