Showing only topics in ~talk with the tag "security".
    1. Passwords

      This will probably be controversial, but I disagree with the current password policy. Checking against a list of known broken passwords sounds like a good idea, but that list is only ever going to get bigger. The human factor has to be taken into account. People are going to reuse passwords. So whenever their reused password gets hacked from a less secure site, it's going to add to that list.

      Ideally, a password would be unique. Ideally, users should maybe ever use a password manager that generates garbage as a password that no one could hack. An ideal world is different from reality. Specific requirements are going to lead to people needing to write things down. In the past, that was on paper, like Wargames. Now, it's going to lead to people pasting their username and login into text documents for easy reference. That's probably what I'm going to have to do. Was my previous method of reusing passwords safe? No. Will my new method of remembering passwords be safe? Probably not either.

      I'm not entirely sure what all the account security is about, either. For my bank, sure, a complex password. I have a lot to lose there. For an account on a glorified message board? There are better ways to establish legitimacy. 4chan, of all places, dealt with this (nod to 2chan), by having users enter a password after their username that got encoded and displayed as part of their username to verify that they were, in fact, the same user.

      So the topic for discussion would be, what's the endgame here? Where is the line drawn between usability and security? I may well be on the wrong side of this, but I think it's worth discussing.

      Edit: I think there may be some good reasons, evidenced in this reply. I think it was a good discussion nonetheless, since it wasn't obvious to me and perhaps not to other people.

      Edit 2: I'm going to hop off, but I think there's been some good discussion about the matter. As I said in the original post, "I may well be on the wrong side of this". I may well be, but I hope I have addressed people well in the comments. Some of my comments may be "worst case" or "devil's advocate" though. I understand the reason for security, as evidenced above, but I'm unsure about the means.

      17 votes
    2. Why do you lock your smartphone?

      I'm genuinely curious. I'm a late adopter FWIW and am still rocking an older iPhone that doesn't support any face recognition or fingerprints. But I don't use a pass code either, and never have, and doubt I ever will. I just don't get it... what are folks afraid of happening if they don't lock their phone? I suppose the "nightmare" scenario would be someone steals your phone and then messages your contacts asking for $. Is that it?

      I've always practiced greater digital security than physical security (counting the phone unlock as physical) as I think it much more likely that a ne'er-do-well would attack some large company than to single me out in person. I mean if the FBI or some hacker is going through my garbage then I probably have larger problems, right?

      For me it's cost/benefit - swiping/fingerprinting/face IDing multiple times a day is not worth the slim chance that my phone is stolen by someone who is going to use the info in it for something nefarious. I wouldn't lock my car if I was in/out of it 20x a day, I just wouldn't leave anything terribly valuable in it.

      Please let me know why locking your phone is/isn't important to you.

      EDIT: To be clear, I have one banking app and it requires an additional password to get in. It's an app so there isn't a saved password for it anywhere.

      EDIT2: Made this as a comment below, but thought I'd add it up here as well - "I find it strange that people in general seem to be OK with putting up with an inconvenience (even though minor to many) that affects them multiple times a day, but we hold large companies almost wholly unaccountable for major data breaches."

      EDIT3: This just occurred to me. We lock our phones, but not our wallets/purses. The argument that a pass-code is a protection against identity theft rings sort of hollow when we consider we have much of the same info on an ID card that we keep unprotected. Some states will even list the SSN on a driver's license.

      EDIT4: I'm convinced everyone thinks their personal lives are terribly interesting to strangers and my suspicion is they're not. Only two real cases of bad things happening when a phone is unlocked that I've counted so far: 1) long distance calls 2) pokemon themed contacts.

      EDIT5: That said, sounds like the fingerprint scanner is the way to go for convenient security. I'll be checking that out. Sincere thanks!

      EDIT6: Some folks said that edit 4 came off as condescending. Not my intention. I was trying to tie in the idea of "everyone being the main character in their own story." I'm definitely not implying that people should leave their phones unlocked because others wouldn't find their lives uninteresting.

      I think many have a personal connection to their devices that I do not feel. Intellectually I find that very interesting as this seems less a monetary issue and more a privacy issue. It'd be as if a stranger picked up a lost diary and started reading. I fear my diary would be more like a ship captain's logbook and wholly uninteresting. If I were to have my phone stolen I'd simply change a couple passwords and buy a new one.

      32 votes
    3. What steps do you take to secure your online use and privacy?

      I do the following:

      • Use a VPN (NordVPN)
      • Use Firefox with a tweaked about:config and the following security extensions:
        • uBlock Origin
        • NoScript
        • HTTPS Everywhere
        • Privacy Badger
        • Decentraleyes
        • Cookie AutoDelete
        • Skip Redirect
        • CanvasBlocker
      • Run Linux Mint (I know, Ubuntu-based distros aren't ideal but I'm a Linux beginner)
      • Don't have any social media as of a year ago
      • Don't use any Google services, including YouTube, Google Search, or Gmail
      • Use a password manager (KeePassXC)

      The next step would be for me to switch from iPhone to Android running Lineage OS, but money is a bit tight right now. As for day-to-day lifestyle choices, I try to use cash whenever possible and never sign up for things like store rewards programs.

      What's your setup? Do you consider yourself a privacy-minded individual? Are you more concerned with protecting yourself from corporate or government entities?

      46 votes