Read this post by Wendy Grossman:
It also reminds that when people’s decisions seem inexplicable “the convenience” is often an important part of their reasoning. It’s certainly part of why a lot of security breaches happen. Most people’s job is not in security but in payroll or design or manufacturing, and their need to get their actual jobs done takes precedence. Faced with a dilemma, they will do the quickest and easiest thing, and those who design attacks know and exploit this very human tendency. The smart security person will, as Angela Sasse has been saying for 20 years, design security policies so they’re the easiest path to follow.