Timeline for is it a standard best practice to *display* the last-logged-in user by default on an individual employee laptop?
Current License: CC BY-SA 4.0
4 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| May 10, 2019 at 18:36 | comment | added | Bennett | the "amount of overhead" is setting a bit to a 1 instead of a 0 at the time you set the work laptop policy defaults | |
| May 10, 2019 at 2:51 | comment | added | leaustinwile | That's actually also not correct. Phishing often time happens because of a cross-site scripting vulnerability that allows an attacker to inject malicious IFrames into the legitimate website pages that request credentials, overlay the real site with a different phishing site, etc... And yeah, they could, but the amount of overhead required with implementing that policy simply isn't worth it. If you get hacked because you let someone watch you type your credentials in, you don't deserve a job with that company. Simply because you don't respect it enough to protect your security info. | |
| May 9, 2019 at 22:37 | comment | added | Bennett | One difference from phishing is that phishing happens entirely outside the control of the real website that the phisher is imitating, so there's little they can do to stop it. The scenario I'm describing is also human error but it's happening entirely on the company's own equipment, which means they can do something to reduce the likelihood of error. | |
| May 8, 2019 at 22:53 | history | answered | leaustinwile | CC BY-SA 4.0 |