> as a basic rule of thumb, any paper on cybersecurity that does not start the discussion with a reference attack vector and listed assumptions is probably garbage.
Actionable guidance for real world decisions is not the objective of academic research. The objective is to expand the human knowledge base (which hopefully translates to something practical at some point).
If the authors have the domain expertise to weigh in on PINs, but not on attack vectors, then that is what they should do. Let someone else draw the conclusions for IT managers.
Actionable guidance for real world decisions is not the objective of academic research. The objective is to expand the human knowledge base (which hopefully translates to something practical at some point).
If the authors have the domain expertise to weigh in on PINs, but not on attack vectors, then that is what they should do. Let someone else draw the conclusions for IT managers.