Improving Computer Security Dialogs

Bravo-Lillo, Cristian; Cranor, Lorrie Faith; Downs, Julie S.; Komanduri, Saranga; Sleeper, Manya

doi:10.1007/978-3-642-23768-3_2

Cited by 42 publications

(23 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…All three textual elements are based on past studies which used the same or similar textual content in various contexts [9,17,22,30]. For instance, Maimon, Alper, Sobesto and Cukier [22] used similar content to inform hackers about risks they incur if they penetrate organizational systems.…”

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

Deterrent Effects of Warnings on Users Behavior in Preventing Malicious Software Use

Silic¹,

Bäck²

2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

Despite the fact that a number of technical counter-measures do exist to mitigate the risks related to malicious software, in reality users are the last line of defense against security incidents. In this technology-human interaction, warning messages can represent an important tool to help users when making a decision. Understanding the effects of computer warnings on the progression and duration of the malicious software use would bridge the existing knowledge gap. Supported by the restrictive deterrence model and psychological factors, we conducted a non-controlled field experiment in which we collected data from no previously recruited participants. We found that in the presence of the warning message, the progression of the software use will be decreased and the duration of both first and repeated software uses will be reduced. Finally, we offer important findings for further theorizing and interesting practitioner insights that could help to leverage the interaction between the human and the computer technology with an objective to reduce the risk.

show abstract

Section: Methodsmentioning

confidence: 99%

“…Past research has tried to better understand how users interact with warnings and why users ignore them [9][10][11][12][13]. Mostly the focus was on examining the SSL web browser warning messages and their effectiveness [e.g.…”

Section: Introductionmentioning

confidence: 99%

Deterrent Effects of Warnings on Users Behavior in Preventing Malicious Software Use

Silic¹,

Bäck²

2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

show abstract

“…Yee argues that "interrupting users with prompts presents security decisions in a terrible context: it teaches users that security issues obstruct their main task and trains them to dismiss prompts quickly and carelessly" (Yee 2004, p. 49). Bravo-Lillo et al (2011) suggest that interruptive security warnings are often ignored or suboptimally addressed because users have a limited cognitive ability to switch between tasks. Patil et al (2015) found that interruptive privacy notices on mobile devices are poorly attended to.…”

Section: Literature Review and Theorymentioning

confidence: 99%

More Harm Than Good? How Messages That Interrupt Can Make Us Vulnerable

Jenkins

Anderson

Vance

et al. 2016

Information Systems Research

View full text Add to dashboard Cite

S ystem-generated alerts are ubiquitous in personal computing and, with the proliferation of mobile devices, daily activity. While these interruptions provide timely information, research shows they come at a high cost in terms of increased stress and decreased productivity. This is due to dual-task interference (DTI), a cognitive limitation in which even simple tasks cannot be simultaneously performed without significant performance loss. Although previous research has examined how DTI impacts the performance of a primary task (the task that was interrupted), no research has examined the effect of DTI on the interrupting task. This is an important gap because in many contexts, failing to heed an alert-the interruption itself-can introduce critical vulnerabilities.Using security messages as our context, we address this gap by using functional magnetic resonance imaging (fMRI) to explore how (1) DTI occurs in the brain in response to interruptive alerts, (2) DTI influences message security disregard, and (3) the effects of DTI can be mitigated by finessing the timing of the interruption. We show that neural activation is substantially reduced under a condition of high DTI, and the degree of reduction in turn significantly predicts security message disregard. Interestingly, we show that when a message immediately follows a primary task, neural activity in the medial temporal lobe is comparable to when attending to the message is the only task.Further, we apply these findings in an online behavioral experiment in the context of a web-browser warning. We demonstrate a practical way to mitigate the DTI effect by presenting the warning at low-DTI times, and show how mouse cursor tracking and psychometric measures can be used to validate low-DTI times in other contexts.Our findings suggest that although alerts are pervasive in personal computing, they should be bounded in their presentation. The timing of interruptions strongly influences the occurrence of DTI in the brain, which in turn substantially impacts alert disregard. This paper provides a theoretically grounded, cost-effective approach to reduce the effects of DTI for a wide variety of interruptive messages that are important but do not require immediate attention.

show abstract

“…Bravo-Lillo et al [6] showed empirically that warnings are not understoodfor example, due to technical terminology. Improved warning content may help, though: Biddle et al [5] found that their reformulated warnings made users more responsive to different levels of connection security.…”

Section: Prior Research On the Content Of Web Browser Warningsmentioning

confidence: 99%

“…on certificate warnings: Sunshine et al [19]) have shown that current warnings are ineffective at influencing the behavior of users for two main reasons: First, because of habituation effects from the frequent unhelpful warnings in non-critical situations [2]. Second, because of the technical language that prevents users from understanding the risks of proceeding -that is, how likely it is that an adverse event occurs and what the personal consequences are [6,8,13]. We thus not only need to prevent the occurrence of warnings in uncritical situations, but also make the warnings understandable so that the infrequent warnings will enable users to take informed decisions about proceeding based on the actual risks involved.…”

Section: Introductionmentioning

confidence: 99%

Contextualized Web Warnings, and How They Cause Distrust

Bartsch

Volkamer

Theuerling

et al. 2013

Trust and Trustworthy Computing

View full text Add to dashboard Cite

Abstract. Current warnings in Web browsers are difficult to understand for lay users. We address this problem through more concrete warning content by contextualizing the warning -for example, taking the user's current intention into account in order to name concrete consequences. To explore the practical value of contextualization and potential obstacles, we conduct a behavioral study with 36 participants who we either confront with contextualized or with standard warning content while they solve Web browsing tasks. We also collect exploratory data in a posterior card-sorting exercise and interview. We deduce a higher understanding of the risks of proceeding from the exploratory data. Moreover, we identify conflicting effects from contextualization, including distrust in the content, and formulate recommendations for effective contextualized warning content.

show abstract

Improving Computer Security Dialogs

Cited by 42 publications

References 10 publications

Deterrent Effects of Warnings on Users Behavior in Preventing Malicious Software Use

Deterrent Effects of Warnings on Users Behavior in Preventing Malicious Software Use

More Harm Than Good? How Messages That Interrupt Can Make Us Vulnerable

Contextualized Web Warnings, and How They Cause Distrust

Contact Info

Product

Resources

About

Improving Computer Security Dialogs

Cited by 42 publications

References 10 publications

Deterrent Effects of Warnings on Users Behavior in Preventing Malicious Software Use

Deterrent Effects of Warnings on Users Behavior in Preventing Malicious Software Use

More Harm Than Good? How Messages That Interrupt Can Make Us Vulnerable

Contextualized Web Warnings, and How They Cause Distrust

Contact Info

Product

Resources

About

Deterrent Effects of Warnings on Users Behavior in Preventing Malicious Software Use

Deterrent Effects of Warnings on Users Behavior in Preventing Malicious Software Use