Feeling the difference between human error and secure behavior
What do emotions and empathy have to do with digital security? Can job satisfaction increase password quality? See the talk on what scientific research on these matters.
At the PasswordsCon conference in November 2020, our co-founder Erlend Andreas Gjære held a talk on these questions. See his full presentation in the video below.
Abstract: Whether you consider people hopeless or simply rational in their password practices, there will always be room for human error. Luckily, we can deal with human cyber risk in better ways than simply accepting it will never go away (just like the passwords). Safety research shows us how different types of human errors require different kinds of preventive measures. Consider also the research on how people’s emotions affect their security practices, and our security designs may just become a little bit more empathetic.
#PasswordsCon in the news, with some anti-hype and smart observations from @jimfenton, referral to @SWiefling's talk on Risk-based Authentication (RBA) & @rmondello's talk about the Password Manager Resources project.
— Per Thorsheim (@thorsheim) November 25, 2020
Thanks @jleyden @DailySwig!
Cc @amelsec @stiftelsen https://t.co/6kgyBkIdRZ
Ensure you also check out the other 13 talks from PasswordsCon in the freely available YouTube playlist (see abstracts and speakers day 1 and day 2).
Also, give a big thanks to our colleague Per Thorsheim for having organized PasswordsCon every year since 2010!
See you next year!
Last updated:
8 December 2020
Share this:
Contact the author:
Continue reading

Simulated phishing: How to design a suitable scam
How do you prepare the most effective phishing email to serve the goal of your exercise? In the third part of this series on simulated phishing, we describe various approaches to designing phishing content.

How to succeed with security behavior change
To stay safe online, people need to care more about the security decisions they face every day. But unless the obvious gains obviously exceed the required effort, change is often avoided. Luckily, behavior change in general has been subject to a lot of research, and here are some takeaways for information security professionals.

Simulated phishing: Communications strategy
How do you prepare an organization for you to try and trick them? In the second part of this series on simulated phishing, we provide the outline for a communications plan.
Ready to get started?
We have written a guide for you to get started with human-centered security. Access our free resource now, and learn:
- How to nurture drivers for employee engagement
- How to avoid common obstacles for reporting
- Practical examples and steps to get started