I know of at least one site with a big S that not only doesn't use reCaptcha on every login, but they also redirect to unencrypted HTTP after login via HTTPS, a practice extremely frowned upon by security experts for 16+ years or so. I mean, if we're going to be comparing certain platforms with big Ss and all as the huge blueprint allegedly being followed. :)
Well, my point is mostly : the more a site has increased security features , the more it's a challenge for anyone who attempt to "break" it, and when it's "broken" , another security layer is added and so on ...to the point the regular user is annoyed. > see the debacle with Steam & their virtual items ... .It's the game the cat & the mouse.
Sure they are users who don't really care / or don't pay attention to the basic security advices, which initially could be the reason of the increase of the security measures... ie : too common passwords, clicking everything on a webpage :P (especially certain malicious websites) , phishing , and i could continue.
In other hand as you pointed out some sites have poor security functionalities and shouldn't be used.
Sure, I agree of course. Security and convenience are ultimately at odds with each other and often equivocal to mutual exclusion. I wouldn't say 100% per se, but up there. I'm pretty annoyed by Steam's requirement that you own a mobile phone in order to fully authenticate also. (I'm aware of various hacks around that without needing a mobile phone, have explored them and consider them all unsuitable as well.)
I do care highly for security, but not always fond of the actual methodologies that some sites end up using which often create massive inconvenience without actually providing any real security. It becomes only "security theatre" in the end.
The funny thing with Steam's forced SMS authentication is that there are recent government publications specifically recommending AGAINST using SMS for 2FA because it is considered insecure. While the websites and others out there argue about that (without actually reading the actual words of the government recommendations, but instead judging it based purely on the headline and with know knowledge of the actual concepts of course), nothing happens to move things into a better situation either. It's kind of pathetic. :/