So humans are programmable, and the best way to see human brain is looking at it as a Bayesian network. It requires training to accommodate the change, and consistent data to be repeated provided. Gmail and LinkedIn and tastes all the offer of 2-factor authentication, but the adoption rate is low. One thing I've learned about humans is that in most cases, will take the path of least resistance when it comes to managing change, and only when applied pressure (road block is a good way to put it) or reward offered does this often disrupt this way lancejssc. The complexity and password option: A watching password options include multiple factors cover “risk” – some include: 1) Complexity 2) Cost 3 Time So let's divide this into cost and time: Example scenario: A user will be prompted to set a password (this could also be a known popular service like Gmail and in that case is a password change). The user types the password: test123 @ # (this is hypothetical pure excluding example rainbow tables). In a case like this the chances of cracking are online about 4.5 days before success.