People Ignore Security Warnings Because They Come at Bad Times

[Exterminator]

Scientists from Brigham Young University (BYU) have conducted a study on the reasons why people tend to ignore computer security warnings and the most opportune moment to show these alerts.

Researchers had people complete computer tasks while an fMRI device would record their brain activity. The BYU team discovered that neural activity decreased when security warnings interrupted the user from ongoing tasks.

The research showed that people focused on the security warning when the alert would come after or before an action. They explain this quirk because of our inability to multi-task.

Alerts are inefficient because they interrupt users
From all tested subjects, the BUY team says that 74 percent of people ignored the security messages when they were about to close a window, 79 percent ignored them when they were watching a video, and 87 percent disregarded the alerts when transferring information, such as a file, or entering a confirmation code.

Jeff Jenkins, study lead author, says that software developers "can mitigate this problem simply by finessing the timing of the warnings. Waiting to display a warning to when people are not busy doing something else increases their security behavior substantially."

The team says that the best timing for showing a security warning is after watching a video, while the user is waiting for a page to load, or after already interacting with a website, but not when the user is ready to leave.

Problem relies with the developer community, not with users
Unfortunately, he and his colleagues go on to say that the software industry doesn't take into account the timing of security warnings at all.

To get the ball rolling and address how software developers deal with security warnings, the BYU researchers reached out and collaborated with Google Chrome security engineers.

The Google team was so impressed by the BYU research that they said they'd be adjusting the timing at which they show the popup for the Chrome Cleanup Tool, a security message in Google Chrome for Windows.

 

[DardiM]

Thanks for the share

...
The research showed that people focused on the security warning when the alert would come after or before an action. They explain this quirk because of our inability to multi-task.

So women have an advantage !?

 

[frogboy]

It is hard to understand why people would ignore security warnings for me, seems kinda strange.

 

[CMLew]

I would say it's also dependent on whether they have been exposed/infected before. I'm confident those who have would take extra precaution and view those messages.

 

[hjlbx]

LOL... I thought the whole point of a security alert is to notify the user when something is amiss at the moment it happens -- so that it doesn't propagate any further.

Sentry: "Commander... the enemy is at the gates."

Commander: "Don't interrupt me right now... I'm busy thinking and can only do one thing at a time."

End result: Two guys dead (DED = Dead).

Is this for real, for real... ???

What a fricking joke... another case of the absolute face of stupidity.

 

[DardiM]

In a lot of enterprise, users on PC only know the strict minimum to do their tasks (administrations, enter data on Excels, etc), and are not aware of what is security, and even only know how to start their session, and use short cuts from their desktop to launch the only application they can use
A lot of part really don't understand the importance of the warning : "a window or message to quickly close" to go on with their "job".
This is often the same behavior at home. I think the most part of people that have PC, only know how to do basic tasks.

That's very bad, but I see it since years

 

[LabZero]

When we talk about computer security, you're probably your own worst enemy.

 

[frogboy]

When we talk about computer security, you're probably your own worst enemy.

Yes brain.exe fails again.

 

[shmu26]

Thanks for the share

So women have an advantage !?

my wife's computer behavior does not support your theory. she can handle plenty of tasks, but only if she considers them important.

 

[DardiM]

my wife's computer behavior does not support your theory. she can handle plenty of tasks, but only if she considers them important.

"So women have an advantage !? "
=> It was ironic, the famous discussion between men an women, and the brain capacity of woman to do multi task that men seems to lack

Be able to do multi task doen't mean to well use this capacity

 

[frogboy]

"So women have an advantage !? " => advantage, not disadvantage.
=> It was ironic, the famous discussion between men an women, and the brain capacity of woman to do multi task that men seems to lack

My friend you nailed it for sure. Poor us men.

 

[shicomu]

It's interesting research...
For years i'm trying to get my customers more awareness on security but it's still a very tough job getting the message thru..

 

[Logethica]

Interesting..
I posted an article based on the same research last Wednesday, with a Poll.
High % of Security Messages Ignored by Users

 

[davidp]

We're so accustomed to simply clicking through errors and warnings in most cases...it's certainly an uphill battle.

 

[Wihat]

I used to ignore the security rule of my own.
I've faced the same problem with backing up data Outlook twice. I have to use crack to get it through. I know it will harm the computer but I have to do it, it's very important.
I'm thinking I may suggest to check all computer to make sure the configuration is correct or not then fix it.
Because it takes lots of time, use crack -> uninstall them clearly -> sweep out all malware( virus, rootkit, PUP, ad...).
Everytime I faced this, it takes me about over 3 hours.

 

[shmu26]

I used to ignore the security rule of my own.
I've faced the same problem with backing up data Outlook twice. I have to use crack to get it through. I know it will harm the computer but I have to do it, it's very important.
I'm thinking I may suggest to check all computer to make sure the configuration is correct or not then fix it.
Because it takes lots of time, use crack -> uninstall them clearly -> sweep out all malware( virus, rootkit, PUP, ad...).
Everytime I faced this, it takes me about over 3 hours.

what crack is useful for backing up Outlook?

FYI if you have an adware-infested installer file, it helps to install it with NoVirusThanks EXE Radar Pro, in alert mode. That way you can block the junk, and allow just the program you want, if you pay careful attention to the prompts.
I tried this method out last night while installing uTorrent free. Every time it wanted to run a script, I blocked it. In the end, I got a working installation of uTorrent, without extra junk. Zemana found 1 dll leftover from the junk. not too bad.

 

[Wihat]

Not for backup, the users lost their email data, I recovered it. Thanks for share, I will note this and use it .