Improving Computer Security Dialogs: An Exploration of Attention and Habituation

Computer dialogs communicate important security messages, but their excessive use has produced habituation: a strong tendency by computer users to ignore security dialogs. Unlike physical warnings, whose design and use is regulated by law and based on years of research, computer security dialogs are often designed in an arbitrary manner. We need scientific solutions to produce dialogs that users will heed and understand. Currently, we lack an understanding of the factors that drive users’ attention to security dialogs, and how to counteract habituation. Studying computer security behavior is difficult because a) users are more likely to expose themselves to risk in a lab experiment than in daily life, b) the size of observed effects is usually very small, which makes it necessary to collect many observations, and c) it is complex to balance research interests and the ethical duty not to harm. My thesis makes two contributions: a novel methodology to study behavioral responses to security dialogs in a realistic, ethical way with high levels of ecological validity, and a novel technique to increase and retain attention to security dialogs, even in the presence of habituation

Improving Computer Security Dialogs: An Exploration of Attention and Habituation

<p> Computer dialogs communicate important security messages, but their excessive use has produced habituation: a strong tendency by computer users to ignore security dialogs. Unlike physical warnings, whose design and use is regulated by law and based on years of research, computer security dialogs are often designed in an arbitrary manner. We need scientific solutions to produce dialogs that users will heed and understand.</p> <p> Currently, we lack an understanding of the factors that drive users’ attention to security dialogs, and how to counteract habituation. Studying computer security behavior is difficult because a) users are more likely to expose themselves to risk in a lab experiment than in daily life, b) the size of observed effects is usually very small, which makes it necessary to collect many observations, and c) it is complex to balance research interests and the ethical duty not to harm.</p> <p> My thesis makes two contributions: a novel methodology to study behavioral responses to security dialogs in a realistic, ethical way with high levels of ecological validity, and a novel technique to increase and retain attention to security dialogs, even in the presence of habituation.</p

Ethical-Response Survey Report: Fall 2014

Abstract We update the ethical-response survey we published in July [11] to broaden its reach in two dimensions

Improving Computer Security Dialogs

Part 1: Long and Short PapersInternational audienceSecurity dialogs warn users about security threats on their computers; however, people often ignore these important communications. This paper explores the links between warning dialog design and user understanding of, motivation to respond to, and actual response to computer security warnings. We measured these variables through a 733-participant online study that tested a set of four existing computer security warnings and two redesigned versions of each across low- and high-risk conditions. In some cases our redesigned warnings significantly increased participants’ understanding and motivation to take the safest action; however, we were not able to show that participants’ responses were differentiated between low and high risk conditions. We also observed that motivation seemed to be a more important predictor of taking the safest action than understanding. However, other factors that may contribute to this behavior warrant further investigation