Thank you so much for your response. With the development of biometric authentication, living in a password-free world in the future would greatly increase security. Passwords certainly have a much larger threat surface than some alternative login methods. I’ve personally been entering passwords manually for a long time in applications other than the browser because I believe copying and pasting is risky. Besides being quite cumbersome, I wonder if this actually creates more risk. The clipboard has never felt like a safe place to store passwords, even with the “delete after x seconds” setting. It’s probably something like, to quote a post I saw on a website, “the faster you pick up your sandwich after it falls on a dirty floor, the safer you can still eat it.”
It’s a pretty niche topic, as most digital attacks are caused by human error rather than a potential weakness in how you enter your password, but for a long time I didn’t know if I was doing something wrong by displaying the password on the screen instead of using the clipboard. As you said, security should ensure sustainability, but there are certainly certain scenarios where people compromise security for ease of use. It was very helpful to hear someone else’s perspective on this. Thanks again.
I struggle to understand the notion that “if your computer is infected, it’s all over.” Of course, the things people use to fool viruses, like using an on-screen keyboard or randomizing the sequence of characters in a password, are useless against advanced RATs that both listen to the keyboard and read the screen. But even if 80 out of 100 viruses are this advanced (and I don’t think there’s a large percentage of such advanced malware), wouldn’t taking precautions against the remaining 20 reduce the threat surface? Doesn’t thinking in terms of the worst-case scenario prevent us from taking precautions against less overkill possibilities? Isn’t cybersecurity built on minimizing risk? Risk will always exist, but even after all the precautions have been taken, if a competent attacker can threaten us, we’re left to say, “Hat’s off!”