It's Rational to Reject [Good] Security Advice?

In a recent article from Microsoft Research, users are behaving rationally when they reject security advice. According to the paper, the cost of many security policies outweighs their benefits. So, rational or not... Is it really the right thing to do?

Well, my opinion is still that the advice of experts that is based on proven best practices is worth following.

Read the article here. (pdf)