
Technology proves no-one reads security warnings

on 18 June 2018

Eye-tracking and fMRI prove it

Boffins have used the latest gear to prove the long-held belief that no-one reads security warnings.

A team of computer scientists, psychologists and neuroscientists used eye-tracking and fMRI to measure how users perceived security warnings, such as warnings about app permissions and browser warnings about insecure pages and plugin installations.

The problem is that users became "habituated" to warnings and stopped perceiving them. This is a significant factor in security philosophy. It is why people staffing TSA checkpoints get good at spotting water bottles, which they see all the time, but miss the fake bombs and guns smuggled in by people who test them.

According to the report with the catchy title "Tuning Out Security Warnings: A Longitudinal Examination of Habituation Through fMRI, Eye Tracking, and Field Experiments", authors Anthony Vance, Jeffrey L. Jenkins, Bonnie Brinton Anderson, Daniel K. Bjornn and C. Brock Kirwan found that people habituated rapidly to repeated warnings within a single laboratory session.

"We observed that there was a recovery effect of attention from one day to the next when warnings were withheld. Unfortunately, this recovery effect wasn’t enough to offset the overall pattern of habituation across the workweek."

More positively, the researchers found that a polymorphic warning, a warning that changes its appearance with each presentation, could sustain attention over time.


Last modified on 18 June 2018