Nothing can take the risk to zero. The goal is to take steps to minimize that ri... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		malyk on Aug 8, 2022 \| parent \| context \| favorite \| on: Incident report: Employee and customer account com... Nothing can take the risk to zero. The goal is to take steps to minimize that risk. The average “click rate” for phishing emails is something like 18% (don’t quote me on that exactly) and if you can institute training that brings it lower then you are working to minimize risk. You should do other things as well to further reduce risk, but training is one tool in the toolbox to help.

psanford on Aug 8, 2022 [–]

That is incorrect. Mandatory WebAuthN eliminates this risk. Stop wasting your time with inferior alternatives.

Aeolun on Aug 9, 2022 | [–]

How much communication would shift to informal methods if the barrier to communicating over approved channels got too big?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact