I agree with the below comments. These types of papers are always emphasizing rigor over actual experience.
Many types of "100%" security fail because of this disconnect. Forced rotating passwords or long ones with required symbols and number? Most people choose to have easy to remember ones (e.g. pass1, pass2, pass3,) Or it's so difficult to memorize that they'll write it down somewhere nearby.
The points are important, but they're directed at consumer products. I wonder how the same person would look at bike-locks...which even with the most expensive locks are only a deterrent given the right tools.
Many types of "100%" security fail because of this disconnect. Forced rotating passwords or long ones with required symbols and number? Most people choose to have easy to remember ones (e.g. pass1, pass2, pass3,) Or it's so difficult to memorize that they'll write it down somewhere nearby.
The points are important, but they're directed at consumer products. I wonder how the same person would look at bike-locks...which even with the most expensive locks are only a deterrent given the right tools.