Are users really too dumb to handle password protected data?