It is often suggested that users are hopelessly lazy and unmotivated on security questions. They choose weak passwords, ignore security warnings, and are oblivious to certificate errors. We argue that users' rejection of the security advice they receive is entirely rational from an economic perspective. The advice offers to shield them from the direct costs of attacks, but burdens them with far greater indirect costs in the form of effort. Looking at various examples of security advice we find that the advice is complex and growing, but the benefit is largely speculative or moot.
From "So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users" by Cormac Herley, Microsoft Research. (HT: Slashdot)
Correcting misconceptions about markets, economics, asset prices, derivatives, equities, debt and finance
Tuesday, March 16, 2010
Users Rationally Reject Security Advice
Posted By Milton Recht