One of my jobs in my household is tech and security. So a lot of times my takes are based on what I see from truly amateur users (like my wife). She is super trainable on this stuff (meaning she does what I tell her to, but she also is about as clueless as one can be lol Which is probably 99% of people. So I'm always trying to get outside of myself when thinking about and implementing security measures. What is the dumbest shit I could do, how do I mitigate those things, and what am I most likely to actually do (security fatigue). Finding balance is difficult and there isnt one perfect solution. For example, I don't think OTP and password manager apps should be accessible from the device being used to login. But few people are willing to carry a separate device. So maybe you force a PIN or login to those apps. Stuff like that. I'm learning and thinking about this stuff frequently.