
The Psychology of Security (2008) [pdf] - comboy
https://www.schneier.com/academic/paperfiles/paper-psychology-of-security.pdf
======
blauditore
> People exaggerate spectacular but rare risks and downplay common risks.

I've met multiple people who claim to know someone who only survived a car
crash because that person didn't wear a seatbelt and was able to "jump out".
Based on that, they think it's actually safer to not wear one.

This is so ridiculous it almost makes me angry.

~~~
daveslash
> People exaggerate spectacular but rare risks and downplay common risks.

I've heard it said that when you hear about some event in the news (burglary,
kidnapping, etc...) you almost should _not_ worry about it -- the very reason
that it's being reported in the news is almost always because it's a rare and
unlikely event.

------
walterbell
Related, _Folk Models of Home Computer Security_ ,
[http://www.rickwash.com/papers/rwash-homesec-
soups10-final.p...](http://www.rickwash.com/papers/rwash-homesec-
soups10-final.pdf)

 _> Home computer systems are insecure because they are administered by
untrained users. The rise of botnets has amplified this problem; attackers
compromise these computers, aggregate them, and use the resulting network to
attack third parties. Despite a large security industry that provides software
and advice, home computer users remain vulnerable. I identify eight ‘folk
models’ of security threats that are used by home computer users to decide
what security software to use, and which expert security advice to follow:
four conceptualizations of ‘viruses’ and other malware, and four
conceptualizations of ‘hackers’ that break into computers. I illustrate how
these models are used to justify ignoring expert security advice._

