You may need to wait a minute for another sucker to be\n born, but you can find one anytime you want online.In a recent MIT-Harvard study to determine online\n gullibility, 36 percent of test subjects logged in to their\n online bank accounts despite being presented with a strong\n warning page saying that their bank site\u2019s security\n certificate was not valid. Not one person noticed when HTTPS,\n the secure form of HTTP, was stripped away\u2014they offered\n up their passwords anyway.More On CybercrimeHow You Can Fight CybercrimeHow the Mob uses ITWhat Adult and Gaming Sites Can Teach You About InnovationA Brief History of CybercrimeAlthough our instincts tell us that better education might\n have saved these users from themselves, there is a growing\n consensus among researchers that education will never stop many\n people from clicking when they shouldn\u2019t. The problem,\n says Markus Jakobsson, a security consultant and associate\n professor of informatics at Indiana University, is one of\n focus. \u201cWhen people go online, they are focused on other\n things besides security,\u201d he says. \u201cThey want to\n pay their bills online or talk to their friends. People\n don\u2019t pay attention to security clues online.\u201d Even\n when, as in the MIT-Harvard study, they are reminded to pay\n attention to warnings.Meanwhile, the kind of information that lulls victims into a\n false sense of security is still widely available online. In a\n 2005 study, Jakobsson was easily able to find the Social\n Security numbers and mothers\u2019 maiden names of millions of\n Texans online. \u201cWhen the e-mail comes with your\n mother\u2019s maiden name already in there, it\u2019s a lot\n easier to click,\u201d he says.So what to do? Some suggest issuing new passwords through\n small electronic fobs called tokens each time someone logs in\n to a site, or requiring account holders to verify withdrawals\n via a cell phone call. But both solutions are costly, complex\n and potentially inconvenient to customers. The best answer may\n be to relieve home computer users of responsibility for\n computer security.Already, some ISPs are offering security software as part of\n their subscription pricing, judging that the extra cost is more\n than balanced out by reducing the risks they face from the\n pipe-clogging spam and malware. With 2.4 million unsecured\n broadband connections in the United States today, according to\n Consumer Reports, it may be time for the IT industry to face\n that consumers will never close the security gap by themselves.\n To the extent that end-user companies could be liable for their\n customers\u2019 inaction, they need to weigh the risk of\n leaving the responsibility for managing security in the hands\n of customers who may never do it adequately.