That familiar chorus began again after our own Mat Honan suffered a hack attack in which three different internet accounts were seized and three computing devices wiped of their data. “Turn On Gmail’s 2-Step Verification Now,” wrote James Fallows on The Atlantic’s website, adding to similar security lectures from The New York Times, Lifehacker, TechCrunch, a Google engineer, etc.
If that advice sounds familiar, it should. Just this past June, after 6 million LinkedIn passwords were exposed to hackers, Fallows wrote about “the one step you must take today” — improving your login security — adding to similar security lectures from The New York Times, Lifehacker, TechCrunch, a Google engineer, etc.
That lecture, in turn, followed similar admonitions
after Gawker Media let 1.3 million usernames and passwords fall into the hands of hackers in December 2010. And after Sony PlayStation Network exposed
77 million accounts in April 2011. And after 60 million users of the permission-marketing service Epsilon were hit with a phishing attack. Etc
The lectures clearly aren’t working and that, behavioral economists say, is because we already know how we should protect ourselves online, we just choose not to do so. Hardening your internet identity, whether through new passwords, a backup regimen, or other means, costs time and energy in the present, and pays dividends only in some far-off hypothetical future.