Think about every massive online success, past and present. MySpace, for example, was not fundamentally different than how you could upload an HTML page to a server...though designing and maintaining links is obviously work beyond the average dedicated developer. And Facebook was not fundamentally different than MySpace, but its news feed eliminated the work of visiting every friend's profile to figure out what happened today, which made it much more likely that you'd be "rewarded" (in the psychological sense) for visiting facebook.com rather than myspace.com...
And so forth. The password encryption schemes used as an industry standard are quite secure against a brute-force, random intruder. So social engineering is a much more viable way to break in...and why does Bob read his password over the phone to someone claiming to be from IT rather than take the time to verify the integrity of the transaction?...Laziness.