In Chapter 6 of “The Upside of Irrationality” I wrote about the the process of adaptation, which is the process by which we get used to stuff — like pain, romantic partners, and new cars.
Some of the personal experiences and experiments I described were about how experiencing pain when I was hospitalized caused me (and others) to view pain differently and with a lower intensity.
A new study on back pain, showed the basic same results:
“This study of 396 adults with chronic back pain found that those with some lifetime adversity reported less physical impairment, disability, and heavy utilization of health care than those who had experienced either no adversity or a high level of adversity…… The data suggest that adversity-exposure also may protect against psychiatric disturbances that occur with chronic back pain…”
I am not suggesting that everyone goes and get some more experience in adversity — just to prepare ourselves in case something bad will take place in the future. But, it is interesting to realize that negative experiences influence our adaptation, and this way also on our ability to deal more positively with new negative circumstances.
Dan
Tweet 
Like By Alon Nir
0. Intro
Sometimes interesting opportunities can emerge from unfavorable situations. Tense diplomatic atmosphere between Israel and Turkey in the past couple of months, brought on a cyber-attack from the Turkish side. A major Israeli apartment-listing website was hacked and so was Pizza Hut’s local website. The credentials of over 100,000 user accounts (roughly 2% of internet users in the country) were revealed and published on dubious Turkish forums. Naturally, it wasn’t long before these lucrative spreadsheets, containing usernames, email addresses and passwords became so widespread anyone with basic googling abilities could find them. One person who got his hands on these files comes from a profession no less defamed than computer-hacking. You guessed it – an economist. Me.
I took a look at the spreadsheets and after some basic analysis I was left with a few interesting insights. The data reveal the extent to which people fail to think creatively and incorporate even a touch of randomness in their username and password selection.
1. Popular Passwords
My analysis focused on a spreadsheet containing 31,588 users of the above mentioned apartment-listing website. The reason I chose it is because that website was (evidently) particularly lenient in the registration process and didn’t even strict choices of password. One digit password? Not a problem. This leniency probably isn’t the best security policy the website could adopt, but it is valuable for our analysis as it shows what people will do when they are unconstrained.
15,820 of these 31,588 registered users (slightly over 50%!) used their email address as their username. Furthermore, 675 people (over 2%) picked their phone number as a username. Both of these choices aren’t considered very secure, since phone numbers, and email addresses in particular, are easy to find out.
While these two bits of information give an indication on lack of creativity on the users’ part, the really interesting discovery is their selection of passwords.
The most common password was 123456 (584 users), with 1234 as the runner up (569) and 12345 coming in third (388). All in all, 1786 passwords (5.65%!) were comprised of consecutive increasing numerals. This means that one person in 18 didn’t muster the cognitive capacity to generate a password more intricate than 1234 and the like.
788 people (roughly 2.5%, or one in forty people) chose a password identical to their username.
417 people (1.32%) chose a password comprised of identical digits (e.g. 1111).
Keyboard patterns were ubiquitous, horizontal in particular: on top of the 1786 ‘123X’ passwords mentioned above, 123 passwords began with ‘qwe’ (including 25 instances of ‘qwerty’), 41 with ‘asd’, and 31 with ‘zxc’. It’s interesting to see how the frequency of these patterns falls as we go to a lower line on the keyboard. A similar distribution appears when looking at vertical lines on the keyboard, though the frequency is substantially lower (‘1qaz’ and ‘qaz’ make up 83 observations combined).
48 passwords began with ‘abc’ (e.g. ‘abcdef’, ‘abc123’, etc.).
And finally, 69 passwords had variants of the actual word ‘password’, with no less than 29 exact matches.
What’s more interesting is the fact that using this information, diligent mischiefs hacked into tens of thousands of email and Facebook accounts, which indicates that a high percentage of the people in our sample uses the same (trivial) password for different websites. It also refutes arguments that people carelessly entered an easy password because they didn’t care much for their account on that particular website.
Lastly, I looked at the spreadsheet with Pizza Hut’s users credentials hoping something will catch my eye and help me gain a better insight into password selection. I didn’t have to look for long, as roughly 200 people (out of around 70K accounts, I must mention) chose ‘pizza’ or something similar as password. This got me thinking, and I suspect that password selection might be influenced by cognitive availability. I went back to the original data and found that 89 had the name of the website as part of their password. Other passwords (though much more rare) were nouns like ‘coffee’ and brand names like ‘samsung’, ‘acer’, ‘cocacola’, ‘nokia’ and others, all of which can be attributed to physical objects just in front of the user’s eyes or in his hand. Add this to the 2,000 or so patterned passwords I mentioned earlier (visual availability on the keyboard), and you get a plausible explanation in my view.
2. Explaining the Findings
So what can account for this password picking behavior? A few possible explanations come to mind. Let me describe them by using John, an imaginary typical internet user, as an example.
One explanation is that when John first embarks on setting up a new account at a website, he knows he’ll get a blank profile when the registration process is done. Since his profile will contain no information, the ‘price’ (in terms of lost information, contacts, time, etc.) John will pay in case that an amicable hacker takes over his account is close to zero. Hence, he is reluctant to strain himself making up, and remembering, a truly unique password.
The problem starts a while later, when John’s email box is already full with valuable correspondences, and his Facebook page is populated with hundreds of friends (including a few flirtatious Janes). Then, a more difficult to decipher password is of true value, but John irrationally sticks to the password he already has. It can be because he’s a terrible procrastinator, forgetful, or even due to the Sunk Cost bias – in his mind John already “paid” the price (in terms of mental resources and time spent) for setting a password, and that’s why he refrains from going through the process again. As time passes the incentive to change password becomes greater and greater, but try telling that to John.
3. Conclusion
When I first put my hands on the coveted files, I did not expect to find such interest in password selection, but the more I go over the data, and the more I think about it, I see the value of studying the way people choose passwords. As you see from the above analysis, it’s an example of a decision making problem where behavioral and cognitive processes, and biases, come into play. Since it’s a one-shot game and the decision is kept in strict confidentiality (until, of course, someone picks up on security breaches), the setting is rather simplified and the observed behavior is of research value. In a way, we have here a form of a natural experiment; it’s just unfortunate the way the data were obtained.
If you have any other theories explaining password selection, please feel free to share them in the comments below. Don’t worry, no registration is required ….
A few days ago I had a fun interview with Miguel Barbosa. Miguel just posted the interview on his blog.
Here is one sample question and answer:
Miguel: You touched on my next question which relates to your chapter on meaning. Tell us about your findings on the importance of meaning in the workplace. What’s your advice for people trying to attach meaning to their jobs?
Dan: I think it’s very hard to have meaning if you are working for someone and don’t have much autonomy. But the upside is that with a little work we can create work environments that provide people with autonomy and are more likely to lead to feelings of meaningful work. Let me tell you a story that happened to me three weeks ago.
Three weeks ago I was in Seattle where an ex-student of mine who works for a big software company. She contacted me six weeks prior and I agreed to meet with her team. Something happened at that company in the weeks before I gave the talk. The background being that my student and a small team of people had discovered an idea which they thought was the best innovation in the “computer world.” They worked very hard on this idea for two years and the CEO of the company looked at it and said I’m canceling the project.
So here I was sitting with a group of highly creative people, who were completely deflated- In my life I’ve never seen anyone (in the high-tech industry) with a lower level of motivation. So I asked them, “How many of you show up to work on time since the project has been shut down?” Nobody raised their hand. I asked them, “How many of you go home early?” Everyone raised their hand. Lastly, I asked them, “How many of you feel that you should have taken the opportunity to fudge on your expense reports?” In this case, no one answered the question — rather everyone sat laughing to themselves—in a way that makes me think that they would have fudged their expense reports. So here you have a case of people who worked incredibly hard on a project and basically got rejected. Which leads me to ask how could the CEO have behaved differently if he was also trying to create a more positive feelings for the team members. So I posed this question to the team and they came up with different answers:
1. They said senior management could have allowed the team to present the project to the entire company.
2. Management could have gone a step further and allowed the team to build a prototype.
3. Management could have taken the time to understand the technology and see the possibilities of applying it to other areas of the firm or product development.
4. They could have asked the team to write about the process of developing the idea.
So there are many approaches senior management could have taken to boost the morale of the research team. But the key is that most ideas for boosting morale require a significant amount of time. If you think of people as rats working in a maze that then there is no reason to help their motivations or explain why you said “No!”. But if you think of people as driven by internal motivation then you want to worry about internal motivation then you might want to spend some time and effort increasing internal motivation. That is something the executive did not do, and I suspect that because of this the research team will eventually dissolve.
If you want to read more, here is a link to Miguel’s blog
A few weeks ago we conducted an online study on this question (the link to the survey was the “Click to participate” on the right side of the screen), and I wanted to thank the participants and tell you a bit about what we found.
In this study all the participants viewed a potentially funny video involving an individual who would seem to have “issues.” (http://www.youtube.com/watch?v=-Sd-j0rKeKw) The video clip showed a college student getting upset in an arguably overdramatic fashion after she got in trouble for inadvertently setting off her sorority house’s fire alarm by using the house’s fire extinguisher just for fun. Her friend apparently found it amusing enough to post it on youtube, and the clip has received millions of views since then.
The study had three groups: The first one was not given any additional information regarding the person. A second group was told that this person had suffered from stress since childhood. The third group were told that the person student in the clip had suffered from OCD since childhood.
What we found was that participants who were told that the girl had suffered from OCD since childhood found the clip less funny, laughed out loud from it less, and were less likely to recommend it to others than other participants. They also felt worse for the student and thought she deserved a smaller fine for inadvertently setting off the sorority house’s fire alarm than if they were either told beforehand that the student had suffered from stress since childhood (or received no justification at all). Participants who were told she had OCD also thought she seemed more likeable, intelligent, and creative. But they also thought that she seemed like a bigger loner and more antisocial.
What I think this means (and we need more research on this) is that giving individuals a disorder-label causes others viewing them to place the blame on the disorder and not on the person. Think for example about a parent who is told that their kid has ADHD – would this parent blame themselves less than if they were told that their kid is an active difficult kid? I think the answer is yes, and maybe this is one of the reasons that we as a society seem to be obsessed with diagnostic labels (other reasons include incentives for psychologists, medical companies etc).
By the way, did I tell you that I have a Restless Hand Syndrome”?
Irrationally yours
Dan
This is a short video from a talk I gave on June 7th at the Booksmith in SF.
The question here, is who cheats more and who cheats less….
Before you watch the video, think about a country that you have family or social links to (not the US) and ask yourself if people in that country cheat more or less than Americans.
A) People in that other country cheat more than Americans
B) Americans cheat more than the people in that other country
Next, try to predict if you think that bankers cheat more than politicians or if politicians cheat more than bankers.
C) Bankers cheat more than politicians
D) Politicians cheat more than bankers
Now if you don’t mind post your 2 answers to Twitter together with the name of the country that you have selected. Please use my username (@danariely), and I will collect the responses from Twitter.
Now, you can watch the video and get the answers
Here is an email that I got last week from a financial planner:
Dear Dan.
My hourly model lets clients use whatever retail custodian they like. For various reasons, I tend to recommend the two best as Vanguard and Fidelity. I go over the pros and the cons for each and, as soon as I mention Fidelity gives 25,000 frequent flyer miles, most clients stop me and choose Fidelity. Some will move tens of millions to Fidelity in order to get frequent flyer miles that might have a $200 economic value (and I may be generous). That would be the equivalent of 0.001% on a $20 million portfolio and .01% on a $2 million portfolio.
Any idea why this seems to have more impact than traditional economics might explain?
Curios.
XXX, CFP®, CPA, MBA (name hidden)
Here is my (short) response
Dear XXX,
This phenomenon is what we call “medium maximization.”
The basic idea is that often people focus on near term concrete goals (such as frequent flyer miles), and while trying to maximize these immediate and clear goals they forget or discount the real reason for their actions — which in your case is maximizing their financial outcome. (For a great paper on medium maximization see this paper by Chris Hsee)
Why do people engage is such medium maximizations? Because it is easy. It gives people a clear direction for behavior — and just having something measurable within reach can redirect our motivation. Another reason for the efficacy of medium maximization is that such immediate and concrete goals by which to measure ourselves against give us a sense of progression ….
I am not sure whether this should make you more or less appreciative of your clients, but hopefully you can now understand them a bit better. Or maybe it means that you should start offering them frequent flyer miles?
Irrationally yours
Dan
There are a few topics that Mother Teresa and Joseph Stalin agreed on, other than the cause for human apathy. So I suspect that both would be surprised – as I am — about the reaction to the BP oil spill.
If six months ago someone were to describe to me a tremendous oil spill and ask me to predict our collective reaction to it, I would have said that we would be highly interested in this disaster for a week or two and, after that short time, our interest would dwindle to “mildly interested.” After all, we (the public) appear only vaguely interested in a whole slew of environmental issues. The destruction of the Amazon rainforest, for example, has been going on for decades. Since 1970 we’ve managed to destroy about 600,000 square miles (www.mongabay.com/brazil.html), but we’re so used to these kinds of statistics that no one seems to care much.
So, why is it that we care so much about the BP oil spill than what happens on a daily basis in the Amazon? Here’s what we know about human caring and compassion. First and foremost, it is based on our emotions rather than our reasoning. Joseph Stalin said, “One death is a tragedy, a million is a statistic.” Mother Teresa said, “If I look at the masses I will never act, but if I look at the one I will.” In oil spill terms: We see pelicans and turtles mired and dying in oil, and we want to cry. We hear about families who have had their homes ruined and their livelihoods horribly affected or even destroyed, and we sympathize with their helplessness and want to do something to help them recover. Our compassion isn’t necessarily proportional to the magnitude of the catastrophe. It depends on how much of our emotion is invoked.
Perhaps I’m mistaken about human apathy, but it is also possible that there are particular features of the BP oil spill that influence how much we care, and that if these features were different, we would care substantially less, even if the magnitude of the disaster were the same.
Here are a few characteristics that might differentiate the BP oil spill from the destruction of the Amazon. First, it is a singular event with a precise beginning. Second, while the tragedy was ongoing (and we are not yet sure if it has ended or not) it seemed to become more desperate by the day. Third, we have a single organization that we can villainize. In contrast, in the Amazon, there are many organizations and individuals at fault, both in the countries where deforestation is occurring and abroad. And fourth, the Gulf is so much closer to home (at least for Americans).
The BP oil spill is, of course, a hugely devastating tragedy. At this stage, we don’t fully understand the magnitude of its consequences, which will likely last for decades. At the same time, it might be worthwhile to take this moment in history as an opportunity – when are caring about this tragedy is still high – to reflect on our larger relationship with the oceans, and the apathy with which we generally greet the less dramatic, but perhaps equally devastating, environmental consequences of overfishing and “everyday pollution.”
I suspect that, because our abuse of the oceans is commonly the result of many small steps by many people, we fail to become enraged with either the process or the outcomes. But we should be. And we should do our best to take better care of our oceans, and not only when the pollution is caused by a single large, easily villainized organization.
Maybe this is another case in which we want to make sure that we don’t waste a really good crisis (for a related missed opportunity see financial crisis). Maybe it is time to look more broadly at our interactions with the oceans and make it a better long-term relationship, and maybe we need to do this while we still care, and before our interest in the oceans dissipates.
…
You might remember reading in Predictably Irrational that it turns out that when we are choosing between two or more very similar options, we tend NOT to take into account the consequences of not deciding. For example, in the parable of the donkey, the unfortunate creature is placed in the middle of two identical stacks of hay. Unable to decide which stack to go for, the donkey starves and dies.
In another example, a friend of mine spent three months choosing between two different cameras, only to miss countless photo opportunities that he will never get back. And given how similar the two cameras were, he might have been better off simply flipping a coin.
To remedy this situation, I had the idea of creating Procrastinator for iPhone. This application allows you to set deadlines for your hard decisions so that when time is up, if you haven’t chosen an option, Procrastinator chooses for you. Thus, no more endless deciding back and forth, and no more lost time. Procrastinator is really easy to use, and you can have as many decisions as you would like running at the same time. You can find Procrastinator here.
1.) What is behavioral economics? How is it different from standard economics?
In general, both standard and behavioral economics are interested in the same questions and topics. The choices people make, the effects on incentives, the role of information etc. However, unlike standard economics, behavioral economics does not assume that people are rational. Instead, behavioral economists start by figuring out how people actually behave, often in a controlled lab environment in which we can understand behavior better, and use this as a starting point for building our understanding of human nature. As a consequence of this different starting point, behavioral economists usually come to different conclusions about the logic and efficacy of almost anything, ranging from mortgages to savings to healthcare in both the personal and business realms.
2.) Even if consumers make mistakes from time to time, wouldn’t the market fix these?
I always found the appeal to the market gods a bit odd. Why would the market fix mistakes instead of aggravating them? When the Chicago economists sometimes (reluctantly) admits that people make mistakes, they claim that people make different types of mistakes that will eventually cancel each other out in the market. Behavioral economics argues that, instead, people will often make the same mistake, and the individual mistakes can aggregate in the market. Let’s take the subprime mortgage crisis, which I think is a great example (but a very sad reality) of the market working to make the aggregation of mistakes worse. It is not as if some people made one kind of mistake and others made another kind. It was the fact that so many people made the same mistakes, and the market for these mistakes is what got us to where we are now.
3.) Isn’t behavioral economics a depressing view of human nature?
It is true that from a behavioral economics perspective we are fallible, easily confused, not that smart, and often irrational. We are more like Homer Simpson than Superman. So from this perspective it is rather depressing. But at the same time there is also a silver lining. There are free lunches!
Take the physical world for example. We build products that work with our physical limitations. Chairs, shoes, and cars are all designed to complement and enhance our physical capabilities. If we take some of the same lessons we’ve learned from working with our physical limitations and apply them to things that are affected by our cognitive limitations—insurance policies, retirement plans, and healthcare—we’ll be able to design more effective policies and tools, that are more useful in the world. This is the promise of behavioral economics – once we understand where we are weak or wrong we can try to fix it and build a better world.
Take again the sub-prime mortgage crisis. Imagine that we understood how difficult it is for people to calculate the correct amount of mortgage that they should take, and instead of creating a calculator that told us the maximum that we can borrow, it helped us figure out what we should be borrowing. I suspect that if we had this type of calculator (and if people used it) much of the sub-prime mortgage catastrophe could have been avoided. This of course is one idea to fix one problem, and there are many ways to think about how to improve our lives along many of the decisions we make every day. This is why I think that behavioral economics is so optimistic, useful, and important for our personal life and for society.
Irrationally yours
Dan Ariely
Update: Thanks for everyone who participated in this study — we will post the results next week
————————————————————————-
We have a new fun study that we need some help with…. So if you have 10 min please click the “Click to participate” button on the right..
Or, just follow this link.
Thanks
Dan