Re: Outdated Password Practices are Widespread but so what

Is there any reason to believe this still matters? Does anyone try to do
brute-force password guessing on web sites? My understanding is that
password reuse is far more productive, phish someone's credentials on one
account, and then try the same password on all their other accounts.

That's why we see physical devices like FIDO keys and biometrics
like fingerprint readers.  Or a lot of sites skip the password and
email you a login link, which has its own security …

account accounts brute brute-force credentials far password password guessing password reuse phish practices reuse try understanding web what is