Security experts report that users who ignore guidelines for strong passwords and other key online security issues do so because there isn't a clear incentive for making the effort.

"Cormac Herley, a researcher in the Microsoft Research organization, says end users are understandably noncompliant because there just isn't explicit proof that creating a strong password, for example, makes them less likely to have their accounts hacked," writes DarkReading's Kelly Jackson Higgins.


"And while security advice promises to protect users from the cost of an attack, it instead costs them time-wise and productivity-wise," Higgins writes. "Actual victimization is relatively rare, he argues in his paper [PDF file], and incurs a one-time cost whereas security advice is an ongoing one that costs more in the end."

Click here to read the DarkReading article.