It’s better than reusing the same password, but not by much. If one of your passwords get compromised, an attacker can easily guess to try to just replace “gmail” by whatever service they’re attempting to log into as you, and give it a shot.
It’s better than reusing the same password, but not by much. If one of your passwords get compromised, an attacker can easily guess to try to just replace “gmail” by whatever service they’re attempting to log into as you, and give it a shot.
It makes sense in theory to deter someone planning something sketchy. But if that’s the purpose, they should try to make it known to everyone.
Basically, the agents should be telling everyone - “yes, the procedure can change every time”, so the potential villain scouting out the procedures would think “oh man, I thought I got it figured out, but what if tomorrow they change the rules?”
If they instead keep insisting “you should know this, it’s the same every time”, the potential villain is more likely to feel confident in their preparation and go ahead.