Skeptikal.org

Tuesday, March 1, 2011

Incentivizing Good Behavior

A few months back, drunkloria posted what I still believe is my favorite tweet of the year. For that, she gets a gold star.

Srsly. If all y'all are so good at social engineering, why do y'all have issues getting clients to implement security?

She's right, of course. We talk a big game. We read books on social psychology, influence, NLP and hypnosis. But we suck at it. Even the ones who are good at it suck at it.

If you haven't seen Naked Password yet, I suppose I can wait while you go check it out. Basically it's an 8-bit striptease that's used as a password strength meter. I like this. Complain about unprofessionalism, sexism, or whatever you like, but the fact is this: you put that on your website, your users WILL have strong passwords. Mostly they'll just do it because it's funny, but you'll get the results you're looking for.

It's not genius. It's one of the basics of every grifter movie out there: focus the target on one thing, and have your desired result be a byproduct. Sleight of hand.

I like seeing this kind of creative thinking, even if it is somewhat in jest. Let's extend it. All those ecommerce sites that say they're dedicated to security? Why not provide a discount coupon when users set a strong password? Limit them to one a month, and suddenly you've got them changing their password regularly. See how easy this is? In a lot of cases, it's also probably cheaper than dealing with fraud from hacked accounts.
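Here is what the coupon idea looks like as server-side logic. This is an added example, not code from the post or from any of the sites it mentions, and everything in it is an assumption chosen for illustration: the strength meter (length plus character variety plus a small deny list), the rule that a coupon is earned only when the new password scores "strong", actually differs from the old one, and no coupon went to that account in the last 30 days, and the in-memory dictionary standing in for a user database.

```python
"""Coupon-for-a-strong-password scheme: an added example, not code from the post.

Assumptions (all hypothetical): passwords are scored by length and character
variety plus a tiny deny list; a coupon is issued only when the new password
scores "strong", differs from the old one, and no coupon was issued to that
account in the last 30 days; account state lives in a plain dict.
"""
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

COUPON_INTERVAL = timedelta(days=30)   # at most one coupon per account per month
PBKDF2_ROUNDS = 200_000
# Constructed deny list; a real deployment would check a breached-password corpus.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome1"}
CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation)
DEMO_START = datetime(2011, 3, 1, tzinfo=timezone.utc)   # constructed clock for the demo


def at_day(offset_days: int) -> datetime:
    """Constructed clock: a timestamp `offset_days` after DEMO_START."""
    return DEMO_START + timedelta(days=offset_days)


def password_strength(pw: str) -> str:
    """Classify a password as 'weak', 'ok' or 'strong'.

    Length dominates: a 20+ character passphrase counts as strong even if it
    uses a single character class, so the meter does not punish memorable choices.
    """
    if pw.lower() in COMMON_PASSWORDS or len(pw) < 10:
        return "weak"
    classes = sum(1 for cs in CHAR_CLASSES if any(c in cs for c in pw))
    if len(pw) >= 20 or (len(pw) >= 14 and classes >= 3):
        return "strong"
    return "ok"


def _hash(pw: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, PBKDF2_ROUNDS)


@dataclass
class Account:
    salt: bytes
    pw_hash: bytes
    last_coupon: Optional[datetime] = None
    coupons: List[str] = field(default_factory=list)


def create_account(store: Dict[str, Account], name: str, pw: str) -> None:
    """Register an account; no strength check here, mirroring a legacy user base."""
    salt = secrets.token_bytes(16)
    store[name] = Account(salt=salt, pw_hash=_hash(pw, salt))


def change_password(store: Dict[str, Account], name: str, old_pw: str,
                    new_pw: str, now: Optional[datetime] = None) -> dict:
    """Rotate the password and decide whether the change earns a coupon.

    Returns a dict: changed (bool), strength (str or None), coupon (str or None), reason.
    """
    now = now or datetime.now(timezone.utc)
    acct = store.get(name)
    # Constant-time comparison of the stored hash against the supplied old password.
    if acct is None or not hmac.compare_digest(_hash(old_pw, acct.salt), acct.pw_hash):
        return {"changed": False, "strength": None, "coupon": None,
                "reason": "current password incorrect"}
    strength = password_strength(new_pw)
    if strength == "weak":
        return {"changed": False, "strength": strength, "coupon": None,
                "reason": "new password too weak"}
    if new_pw == old_pw:   # no reward for "changing" to the same password
        return {"changed": False, "strength": strength, "coupon": None,
                "reason": "password unchanged"}
    # Re-salt on every change so the new hash is unrelated to the old one.
    acct.salt = secrets.token_bytes(16)
    acct.pw_hash = _hash(new_pw, acct.salt)
    if strength != "strong":
        return {"changed": True, "strength": strength, "coupon": None,
                "reason": "changed; coupon requires a strong password"}
    if acct.last_coupon is not None and now - acct.last_coupon < COUPON_INTERVAL:
        return {"changed": True, "strength": strength, "coupon": None,
                "reason": "changed; coupon already issued this month"}
    coupon = "SAVE10-" + secrets.token_hex(4).upper()   # constructed coupon format
    acct.last_coupon = now
    acct.coupons.append(coupon)
    return {"changed": True, "strength": strength, "coupon": coupon,
            "reason": "changed; coupon issued"}


if __name__ == "__main__":
    store: Dict[str, Account] = {}
    create_account(store, "alice", "welcome1")
    print(change_password(store, "alice", "welcome1", "password", now=at_day(0)))
    print(change_password(store, "alice", "welcome1", "correct-horse-battery-staple", now=at_day(0)))
    print(change_password(store, "alice", "correct-horse-battery-staple",
                          "Winter-Sunrise-2011!!", now=at_day(10)))
```

Two details carry the scheme: the coupon is tied to the account rather than the request, so one user cannot farm discounts by cycling passwords within the month, and the "unchanged" check means the monthly coupon really does buy you a rotation rather than a no-op. The meter itself is deliberately simple; whatever meter you use, run it server-side too, since a client-side striptease is easy to skip.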

Provide special offers, features, or if you must, pixellated dirty pictures to users who install NoScript and Request Policy. It's easy enough to detect when those plugins are in place, so you can encourage users to embrace security, help yourself, and help the internet a bit at the same time. People install special toolbars, plugins and even malware for the stupidest reasons imaginable, but we can't get them to disable JavaScript?

Getting people to change their behavior isn't all that hard; you just have to offer an incentive. "Not getting hacked" isn't an incentive. To most people, it's not even perceived as a real threat.