This bit by John Oliver is pretty awesome:
The reason iPhones need such strong security measures is because Apple customers can’t seem to keep their phones in their pants and out of the hands of hackers. Are people really storing bank account information on their phones? Cripes.
We make a big deal about encryption and security, but the weakest link is increasingly human. Last month, several companies (including Snapchat) fell prey to a phishing email and turned over all their employees’ IRS data. This is all it took:
My iCloud password requires twelve characters consisting of some combination of uppercase letters, lowercase letters, at least one number, a symbol, and an emoji. According to this password strength tool, it might take 2 million years to hack into my account with a GPU cluster. But only five minutes if you distract me from my desktop with a shiny object.
Instead of working to make encryption stronger, maybe try to make humans less stupid.