Why poor security seems appropriate?

Posted: September 1, 2012 in Articles

Internet SafetyAfter each leak passwords experts again and again explain to users how important to maintain security on the Internet: create long password, password manager, use two-factor authentication, etc. Unfortunately, each new leak of passwords shows that the situation does not change. Passwords have been weak, and remain weak, and users continue to use the same passwords for different sites.

University of California at Berkeley, Steven Webber explains that security professionals do not consider human psychology. In fact, most people are quite aware that you need to follow the safety on the Internet. But do not do it for some reason.

The first reason – a well-known phenomenon of human psychology, when people choose to get a small guaranteed win today, but not a big win in a hypothetical future. For example, if you choose to get the dollar right now, or three dollars tomorrow, most people will choose the dollar now. The situation is similar to security on the Internet: refusing to back up, refusing to use the software to generate online passwords and not bothering factor authentication, people save time and resources, that is, get a small but tangible benefits “right now.” Although people at risk of becoming a victim of burglary in the future, they see this as a hypothetical possibility, the probability of which is very small. Thus, from the point of view of behavioral psychology, a person makes a natural, but an irrational choice for weak security.

Interestingly, the same situation is often found in the corporate sector. Companies are looking at how to hack an unlikely hypothetical future event (“Black Swan”) and therefore make a conscious choice in favor of the weak security, which seems appropriate for the moment.

Another interesting phenomenon of human psychology – the so-called hyperbolic discounting, a peculiar kind of psychological abnormalities of human behavior from the logical rules. It is manifested in the fact that users’ lay in the future to use backups, use strong passwords, two factor authentication, etc. Naturally, the future never comes. The phenomenon manifests itself in the experiment, when people are asked to take the dollar in a year or three dollars a year and a day. Although the situation is completely analogous to the previous question (the dollar today, or three dollars tomorrow), where most people make a rational choice in favor of three dollars. In other words, they find that in the future they will be able to make a rational choice, when in fact it is not – a year later on the same day they again take a dollar.

Therefore, education of users in any way will not help solve the problem of Internet security, because all users are enough educated. Problem in psychology, and researchers suggest several options as to what methods can be used with the above psychological characteristics of the person.

Internet threats

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s