
Phishing training does not work.

"Understanding the Efficacy of Phishing Training in Practice" https://arianamirian.com/docs/ieee-25.pdf



"Don't put your password into the website that you shouldn't, and put it only into the website that you should" is circular advice.

It's like those 2FA SMS messages that say "don't tell this token to anyone!" while you literally share it with the website that you log in to. I am always so frustrated when I receive those.


> We are reliably informed by our zoomer children that we are too cringe to be trusted on these matters.

Bullseye. At least they take it with good humor.


The same paper is linked in the original article.


Thanks. Stopped reading after I found out the article was not by the CEO.


Why?


Maybe not - but I work in a regulated industry, we had an employee get phished a few years ago, and the regulatory bodies wanted detailed records of all phishing testing and training conducted for the previous 5 years. So for some of us it's a necessary evil.



