Windows 7 - End Users Buck Security Advice For Economic Reasons.

Without proof that strong passwords and Website certificates actually keep them safe, it's no wonder end users ignore security advice, says Microsoft Research expert......

End users routinely reject security advice and recommendations for strong passwords and for heeding dangerous Website warnings -- and that behavior makes perfect sense from an economic and psychological perspective, security experts say.

Cormac Herley, a researcher in the Microsoft Research organization, says end users are understandably noncompliant because there just isn't explicit proof that creating a strong password, for example, makes them less likely to have their accounts hacked. "Security people are trained to look for the worst-case analysis, but users don't think that way," says Herley, who emphasizes his opinions are his own and not that of Microsoft. "For example, users are told not to reuse passwords across accounts because if an attacker gets one, [he] might be able to get into their other accounts. But we don't know how often that does happen."