Software Integrity

 

Study finds security warnings ignored 90% of the time

A new study finds that people ignore security warnings from software up to 90% of the time.

In a paper, More Harm Than Good? How Messages That Interrupt Can Make Us Vulnerable PDF, researchers from BYU, in collaboration with Google Chrome engineers, found that if a security warning appears while people are typing, watching a video, uploading files, etc., they are much more likely to ignore the message. The task at hand is more important.

They cited that on their way to close a web page, 74 percent of the respondents in the study ignored the message. The number was higher, 79 percent, if they were watching a video. And an even higher percentage, 87 percent, ignored the warnings of they were transferring a confirmation code.

“But you can mitigate this problem simply by finessing the timing of the warnings,” wrote Jeff Jenkins, lead author of the study. “Waiting to display a warning to when people are not busy doing something else increases their security behavior substantially.”

Jenkins, along with BYU colleagues Bonnie Anderson and Brock Kirwan, found that people paid the most attention in the following circumstances:

  • After watching a video
  • Waiting for a page to load
  • After interacting with a website

In addition to showing multitasking doesn’t work with security messages, the researchers also showed what this activity does to the brain. They had study participants complete computer tasks while an MRI scanner measured their brain activity. The experiment showed that when security messages interrupted a task, neural activity was substantially reduced.