There was a very interesting post by Punam Keller last week on the HBR Blog Network on the psychology of passwords. This isn’t like the previous posts you have seen on this blog. While I tend to focus on the technical problems and ways around them, Keller explores the behavioral aspects of passwords and our general resistance to doing what we all know is right. She highlights four attitudes that people have when it comes to passwords:
- People who don’t know they should change their passwords—most likely by intentionally ignoring information that indicates they should.
- People who know they should change them, but avoid doing it because they think password theft and misuse will happen to someone else.
- People who indicate they want to do it, but find ways to rationalize not taking any action.
- People who say they will do the right thing, but just never get around to doing it.
Keller suggests two methods to help combat this, and the second one I find quite compelling. Imagine for a second that you log into your Amazon account and you are prompted to change your password. Canceling this change would bring up a message that says, “By refusing to change your password, you agree that you are happy with an intruder accessing your Amazon account and may buy things for themselves on my dime.”
I bet you would get a ton of new passwords!
Go check out the article and add some of your own comments below!