
It shouldn't be a dichotomy, but security zealots not caring about usability or putting the risks in context makes it such.

HTTPS by default is good, especially after Let's Encrypt. Before that it was not worth the hassle/cost most of the time.

E.g. forced MFA everywhere is not good.

> Also, a hacker will replace the broken glass within milliseconds, and you won't find out it was ever broken.

This is very rare in practice for normal users. Again, risks in context please.


