1. People are terrible at creating strong passwords. People will NOT create hundreds of strong passwords.
2. People will not use complex solutions unless actively and rigidly enforced.
3. At best, we can hope that they can create one really good passphrase. That's combined with MFA.
There are people that are exceptions to those, but they're vanishingly small percentage of the population. And unfortunately, there are a way, way more people that think they have something better but are deluding themselves -- like bad card counters that casinos are happy to have at the blackjack table or non-experts rolling their own crypto.
2. People will not use complex solutions unless actively and rigidly enforced.
3. At best, we can hope that they can create one really good passphrase. That's combined with MFA.
There are people that are exceptions to those, but they're vanishingly small percentage of the population. And unfortunately, there are a way, way more people that think they have something better but are deluding themselves -- like bad card counters that casinos are happy to have at the blackjack table or non-experts rolling their own crypto.