This hits the nail right on the head. The point of cloud services is to take away all the overheads of building and delivering software solutions that have nothing to do with the actual business problem I’m trying to solve.

If I want to get a new product to market, I want to spend most of my time making my core product better, more marketable, more efficient. I don’t want to divert time and resources to just keep the lights on, like having to hire a whole bunch of people whose only jobs is to provision and manage servers and IT infrastructure (or nurse a Kubernetes cluster for that matter). Managing Kubernetes or physical tin servers is not what my business is about. All this tech infrastructure is a means to an end, not the end itself.

That’s why cloud services is such a cost efficient proposition for 98% businesses. Hell, if I could run everything using a serverless model (not always possible or cost effective) I’d do it gladly.

Yeah, but there are degrees of vulnerability. Otherwise, things like password strength or MFA wouldn’t matter.

If all your passwords are fully random, then that’s one less weakness that can be exploited. People can’t make educated guesses about your passwords just from analysing your social media profiles and history, e.g. if you post a lot about Star Wars, it’s more likely your passwords could contain a Star Wars reference.

That system is vulnerable to social engineering attacks. If hackers found out all their favourite things that lead to the core part of the password, guessing the prefix wouldn’t be that hard. Also, what would your friend do if one of these passwords got compromised and had to change it? Would he just add a 1 to the site-specific part of the password?