If only there were a way to communicate to cybersecurity folk...
The Password Game
Cybersecurity has a strained relationship with empathy.
“Facts are facts, and feelings are someone else's problem.” said the technical and compliance folk.
“What brand of apocalyptic fear-mongering can I sell you today?” is the sales angle.
Only when social engineering became a technique of choice did the idea of empathy bubble up as a significant consideration. And even then, feelings, emotions, and reactions are viewed through the engineering lens of manipulation.
Cybersecurity isn't great with empathy.
Choosing correct over compassionate.
This situation is absurd.
The first pushback I remember seeing was the academic paper - So Long, and No Thanks for the Externalities: The Rational Rejection of Security Advice by Users - published by a Microsoft researcher in 2009.
While there are some interesting arguments - this is not how to explain the issue to the cybersecurity mainstream.
There must be a better way...
This thought has bugged me for years.
Then - last weekend - I saw it.
The Password Game.
If you know a cybersecurity pro who “doesn't get it”, send them to this game with a note - “This is how it feels.”
The game will do the rest.