The problem isn’t the users: it’s that we’ve designed our computer systems’ security so badly that we demand the user do all of these counterintuitive things. Why can’t users choose easy-to-remember passwords? Why can’t they click on links in emails with wild abandon? Why can’t they plug a USB stick into a computer without facing a myriad of viruses? Why are we trying to fix the user instead of solving the underlying security problem?

Bruce Schneier on fixing the wrong problem.

Why? Let’s be real: it’s because most computer engineers are arrogant assholes who wouldn’t recognize another human if they freakin’ tripped over one.