The online security problem and the way people think

Experts say cybersecurity may be a motivation issue rather than a knowledge problem.

Cybersecurity problems may not be due to a lack of know-how. As it turns out, the issue could have more to do with the way people think. According to a recent Wired article, complacency happens with both consumers and businesses because they get accustomed to nothing happening to them. Recent attacks such as the epic hacking of Mat Honan showcased how, although rare, security breaches can bring a user’s digital life to a screeching halt.

So, why do companies have lax security practices? According to Wired, it has more to do with human psychology than willful negligence. Individuals and businesses see high-profile attacks happening to others, but they aren’t impacted enough to take action. If users are allowed to choose an easy-to-remember password over a complex one, they’ll choose the easy one because it’s difficult to fully understand future risks.

Wired interviewed behavioral economist Dan Ariely, who said password security is a classic example of “hyperbolic discounting” – the human tendency to underestimate the value of a future reward. For example, imagine that you’re setting up a new account at a website. The reward of choosing an easy password is immediate: it ensures easy access to the account without having to remember a complicated string of numbers and letters. It’s much more difficult to judge the reward of a complex password because the value will come at an indefinite time in the future.

Wired presented several ideas for creating better account authentication measures. Online services should take steps such as making the default account settings highly secure and providing incentives to users for making their accounts more secure.

Security incentives: Something to learn from video games

Video games may not be your first source of layered security advice, but some developers have already begun providing incentives to users who use two-factor authentication. Blizzard requires players to have an authenticator tied to their account before they can access the real-currency auction house in the game Diablo III.

In May, the game developer wrote a forum post that discussed a series of Diablo III security breaches. However, no player accounts that used authenticators had been hacked. While other online services, such as Gmail, offer similar two-step authentication, not all of them offer incentives for adding the extra layer of security.

Do you use two-step authentication for any of your accounts? Have any of those accounts been hacked?

Kate Beckham

Kate has been lighting up the blogosphere for over 5 years, with a keen interest in social media and new malware threats. When not sitting at a café behind her Mac, you’ll usually find her scouring the racks for vintage finds or playing guitar.