
> * Train your users where it is and isn't safe to enter credentials.
> * Don't give your users credentials. Have some alternate way to authenticate them like a login token.

I manage barely 100 users and I have talked to each of them personally. They're good people and can comprehend instructions. But they still fall for these every now and then. Training doesn't help. They are fantastic in their respective fields, but to them, all prompt boxes and all login screens have the same exact amount of legitimacy. Just like how every spark plug looks the same to me. Training can help some users but most of them are going to fall for it eventually.


