On Wed, 24 Apr 2019 17:04:22 -0700, William Herrin said:
I take no position on what risk the comcast wifi passwords issue carries. I'm posting only to point out that an absolutist model which says, "stuff of type X must always be encrypted," is probably not well tuned to the customer's actual security needs.
I'm willing to bet that for a significant percentage of people who do at least some of their work at home, but aren't router-savvy, the risks of a borked router preventing them from working from home are a bigger issue than the relatively low risk of a database compromise leading to a miscreant getting hold of their wireless password and using their access point as free wifi. Security decisions that are "obvious" when only security-minded and technically clued people are involved become a lot less obvious when 95% of the people involved are named Joe Q. Sixpack.