I generally assume anybody who has the resources, expertise, and access to brute-force my password against a system is going to get in regardless of what I do, so I don’t worry too much about password entropy. If my bank can’t protect me against brute-force guessing, I am not going to believe they can protect me against a hacking scheme which bypasses my password altogether.
The weakest link in the chain is the one which breaks, and it makes little sense to forge one link particularly strong in case another link is particularly weak.
(Similarly, I always assume if somebody has physical access to my hard drive, they have access to its contents, regardless of what I’ve done to the hard drive.)