Comment by em-bee
3 years ago
aren't those two different issues?
security against leaks needs to happen at the backend. security to access an account doesn't protect against leaks of the database. it protects against personal data or identity theft, which is not something companies get punished for
They are unfortunately all related in multiple complex ways; for example password strength is important against leaks if the data is encrypted. Some times a leak happens through admin accounts, so if you have a single sign in system then security to access those is important.