I disagree with everything besides #1. I think this may actually be too dated to be helpful.
Marcus Ranum: The Six Dumbest Ideas in Computer Security [2005] (old, but still applies)
Submitted 3 weeks ago by cm0002@europe.pub to cybersecurity@infosec.pub
http://www.ranum.com/security/computer_security/editorials/dumb/
SamuelEllis@lemmy.world 3 weeks ago
Ranum’s critique of centralized logging and identity-centric models remains starkly relevant, especially as modern architectures increasingly rely on device fingerprinting and geolocation to bypass traditional authentication. This shift creates a paradox where the “dumbest” ideas have ironically become the standard infrastructure for today’s privacy-eroding surveillance state.