Wake-up Call

Why people don’t change passwords

Experts say the best way to protect your identity and online information is to change passwords regularly and use a different password for every website. So why don't people follow this advice? According to a survey conducted last spring by the Pew Research Centre, only 39 per cent of internet users ever changed their passwords. The rest generally fall into these categories of inertia:

The clueless:

These are the people who somehow remain unaware of the need to change or strengthen their passwords. They wilfully tune out information that is unpleasant.

Academics call this behavior “seizing and freezing” – seizing on a word that makes a person uncomfortable (in this case “hacker” or “password”) and freezing out any information about it – and it occurs because we have no intention of changing our behaviour or associations related to the words in question.

The avoiders:

Changing a password is a chore, like flossing and saving for retirement – so many people simply choose to avoid it. Such “avoidant” decisions speak to the all-too common choice to think, believe or feel that the consequences do not apply to us.

READ MORE

The leaners:

These are the people who say “I want to do it” but then don’t follow through. When prompted to act, they think up arguments for inaction: “If I change my password, who’s to say it can’t be hacked again?” This is a particularly challenging bunch.

The procrastinators:

These are the people who keep promising to do the right thing but just never get around to it. So how do we escape our inertia? At the organisational level, we could automatically send new passwords at regular intervals to all account holders on any enterprise system.

The second option is to use “enhanced active choice”, a communication technique that highlights the preferred option by pointing out the losses incumbent in the nonpreferred alternative.

In this case, you would get two options: 1 – I will change my password to protect my online accounts and other confidential information on my computer; or 2 – I will not change my password, because I do not mind if a perpetrator has access to my computer and may use my money in horrible ways." – Copyright Harvard Business Review

For more coverage see our new site World of Work