
Why don’t we follow password security best practices? - CrankyBear
https://increment.com/security/password-security-best-practices/
======
ethiclub
To answer the article's title question fully in the context of business, I
believe the following 4 major causes need to be acknowledged:

- Legislation (Data Privacy acts et al.): Does not hold people accountable
(yet), especially in small business. It is (in human history) still a
relatively new application of the concept of freedom & rights. Further, it's
still more profitable (tangibly) to break the law than to absorb any resulting
fines.

- Corporate governance and cohesion (lack of): An especially acute issue due to
the previous point (lack of government legislation holding orgs accountable ->
leads to lack of corporate governance holding employees accountable). Lack of
corporate legal governance is mirrored by a lack of corporate ethics
governance (a generalization of the global economy).

- A combination of the gambler's fallacy, normalcy bias and optimism bias:
People just don't expect repercussions, and focus on the apparently small risk
instead of the size of the repercussion.

- Obstacles / path of least resistance: Things make it difficult. Lack of
simple SSO, password requirements, fundamental limitations of the human brain
(memory etc.). Since the technology is not simple enough for us, we revert to
an easy method.

