Open matkoniecz opened 3 years ago
Yeah, that's a good point, though I guess you would still want to apply the same protections if possible, as in some instances it can be possible for an attacker to traverse horizontally (e.g. they gain access to a non-important email account, but use it to prove identity and reset a password for another website, or they are just able to collect info).
But I think this would be something which would just depend on the situation: the importance of the account you're accessing, the trustworthiness of the computer you are using, etc.
For
it seems that it can be useful to add a note that for some services one may have multiple accounts - and log in with a less valuable one (for example without admin privileges, not using real name).
Or is it obvious/rare to have it worthwhile?