Slashdot Mirror

← Back to Stories (view on slashdot.org)

MRIs Show Our Brains Shutting Down When We See Security Prompts

Posted by timothy on from the all-persons-in-this-area-subject-to-palpatio-per-anum dept.

antdude writes with this excerpt from Ars Technica: Magnetic Resonance Imaging (MRIs) show our brains shutting down when we see security prompts. The MRI images show a "precipitous drop" in visual processing after even one repeated exposure to a standard security warning and a "large overall drop" after 13 of them. Previously, such warning fatigue has been observed only indirectly, such as one study finding that only 14 percent of participants recognized content changes to confirmation dialog boxes or another that recorded users clicking through one-half of all SSL warnings in less than two seconds.

16 of 79 comments (clear)

  1. What kind of person did they study? by ArcadeMan · · Score: 5, Insightful

    Did they test with dumb regular users who don't understand or don't know better, or did they test people who actually know what those security warnings mean and the real consequences of ignoring them?

    --
    Get free satoshi (Bitcoin) and Dogecoins
    1. Re:What kind of person did they study? by Austerity+Empowers · · Score: 4, Insightful

      What is the purpose of security alerts if not to warn people who don't know any better? For the crowd that gets it, you could flash a brief icon featuring a guy fawkes mask and that'd be sufficient. I also wonder how many of them would click "proceed anyway" if the pr0ns were there...

    2. Re:What kind of person did they study? by duck_rifted · · Score: 4, Insightful

      People in general tend to tune out what they don't understand because they don't have thoughts available to process. We have ALL experienced that -- every last one of us. Doesn't it kind of feel like your brain is busy searching for the right file? Haven't you had instances where you get the same feeling, and then, "Oh yeah!" it clears up? It happens to me any time I'm already preoccupied with something, enter a room for a task, and then get distracted. "Wait... What was I doing?" And it will happen to you with increasingly frequency as you age.

      Let's not call people dumb for this. They need to be taught, or security warnings need to engage them better. I mean, come on, can't we do better than a little dialogue box that spews stuff people don't understand? Give people switches and buttons that have an effect they can SEE and they'll get it. A little graphic depicting what they're giving permission to that changes as the mark or clear a checkbox, with a chance to apply after the selection, would work perfectly. Give their brains the file they can't find.

    3. Re:What kind of person did they study? by khasim · · Score: 5, Insightful

      What is the purpose of security alerts if not to warn people who don't know any better?

      To shift the blame to the end-user when something goes wrong.

      Which is why the alerts are so useless. They, essentially, become a "click here to continue" button.

    4. Re:What kind of person did they study? by frinsore · · Score: 3, Insightful

      While I find the study surprising it is disturbingly logical. And I expect the article's solution would only be temporary (making random drastic changes to the prompts). Personally when I receive a windows escalation prompt I've already made the decision to run the program and the prompt just gets in the way of that, I already trust the program or I wouldn't have run it in the first place. Showing the prompt after the user has decided to run the program is already too late. The warning should be shown on the icon, if in a gui, and preferably the application should have a list of privileges that it needs, like android, instead of a generic "everything".

    5. Re:What kind of person did they study? by dcollins117 · · Score: 5, Interesting

      Did they test with dumb regular users who don't understand or don't know better, or did they test people who actually know what those security warnings mean and the real consequences of ignoring them?

      Hold on, TFA says they note a decrease in visual processing. Perhaps the decrease in visual processing is because the user is using another part of their brain to process the new information, and to appropriately decide what the best response is.

      They also note an "overall" decrease after repeated exposures to the same message, but that's what we do; we learn from experience. That's a feature, not a bug.

    6. Re:What kind of person did they study? by suutar · · Score: 5, Insightful

      Android apps request everything anyway. What I want is a way to say "yeah, I know you want this, but you ain't getting it. Install anyway, and the OS will just pretend that function returns nothing."

  2. Of course by heldal · · Score: 5, Funny

    I want titties, but these stupid alerts keep popping up

  3. Drives IT people nuts by TheReaperD · · Score: 3, Insightful

    I've witnessed this so many times as an IT tech that it's sickening. Even if we're standing there and try explaining it, our words just end up in "don't care" brain bin and they'll click on anything that makes the message go away the fastest. I've even had them click on "yes" then "Ok" on the install even when I was standing there and told them not to. It's like they're "listening" to their mother in law. Irritating as hell.

    --
    "Be particularly skeptical when presented with evidence confirming what you already believe." -
    1. Re:Drives IT people nuts by war4peace · · Score: 5, Insightful

      This behavior doesn't have IT roots. It has "the boy who cried wolf" roots.
      We're surrounded by warnings, all the time. Warning! Wet floor. Warning! 0.5 inches of snow tomorrow. Warning! This beverage might be hot. Warning! This battery might explode if you put it in a microwave.

      No wonder people have their responses to warnings (of all kinds) dulled to non-existence.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  4. Information content by Livius · · Score: 4, Interesting

    Obviously their brains will shut down since 99% of 'security' prompts are mere nuisances with no value whatsoever. The brain notices patterns like that pretty quick.

    1. Re:Information content by Pentium100 · · Score: 5, Informative

      Also, the warnings all are very similar even though the problems they warn about are different. Let's take a look at SSL warnings. When a browser puts up the huge warning that there is a problem with SSL, it could mean one of a few things:
      1) The certificate is self-signed. A big problem except for internal sites.
      2) The certificate expired 10 minutes ago or you computer's clock is wrong (not that big a problem).
      3) The certificate is for a different domain. This could be a problem or not, depending on the domain (could be the certificate is issued for www.example.com and I am going to example.com or 127.0.0.1).
      4) The mobile browser does not understand wildcard certificates.

      The problem is that the warnings all look the same and to find out which problem it is, you have to click on the "Technical details" button.

  5. Reflex by Tablizer · · Score: 5, Informative

    Married men learn to ignore nagging.

    --
    Table-ized A.I.
  6. I expect even less brain activity when by burtosis · · Score: 3, Funny

    Slashdotters see a new summary. Gonna fess up here i made it about half way through, got bored and posted.

  7. Anecdotal evidence by jrumney · · Score: 4, Funny

    I was going to post something insightful, but I got a warning from my browser about sending data over an insecure channel to http://slashdot.org and my brain shut down.

  8. Popup messages are completely ineffective by Tony+Isaac · · Score: 4, Informative

    My company had a customer whose nightly backups were failing. Every time every user in the company (hundreds of them) logged in to the system, they were presented with a message pop-up warning that the backups had been failing. This went on for WEEKS before anyone bothered to notify the software vendor (who managed the backup system).

    There seem to be a couple of principles at work here:
    1. Not my job. Everybody at the company knew it wasn't their job to keep the backups working, so they ignored the warning.
    2. In the way. Everybody had something they needed to do, so they simply clicked whatever they had to (the OK button) to get past the prompt and do their work.

    It's like the license agreements on software installers. Everybody just clicks "I Agree" because they know they have to do so to get to the next screen, not necessarily because they actually agree.