90% users ignore software security warnings: Study
About 90 percent of people ignore software security warnings because they pop up at inappropriate times, such as when users are watching a video, typing or uploading a file, a new study has found.
Washington: About 90 percent of people ignore software security warnings because they pop up at inappropriate times, such as when users are watching a video, typing or uploading a file, a new study has found.
Researchers found these times are less effective because of "dual task interference," a neural limitation where even simple tasks cannot be simultaneously performed without significant performance loss.
"We found that the brain cannot handle multitasking very well. Software developers categorically present these messages without any regard to what the user is doing," said Anthony Vance from Brigham Young University (BYU) in the US.
"They interrupt us constantly and our research shows there is a high penalty that comes by presenting these messages at random times," said Vance.
For example, 74 percent of people in the study ignored security messages that popped up while they were on the way to close a web page window.
Another 79 percent ignored the messages if they were watching a video. About 87 percent disregarded the messages while they were transferring information, in this case, a confirmation code, researchers said.
"But you can mitigate this problem simply by finessing the timing of the warnings. Waiting to display a warning to when people are not busy doing something else increases their security behaviour substantially," said Jeff Jenkins from BYU.
Researchers found that people pay the most attention to security messages when they pop up in lower dual task times such as after watching a video, waiting for a page to load and after interacting with a website.
Timing security warnings to appear when a person is more likely ready to respond is not current practice in the software industry, researchers said.
For part of the study, researchers had participants complete computer tasks while an functional Magnetic Resonance Imaging (fMRI) scanner measured their brain activity.
The experiment showed neural activity was substantially reduced when security messages interrupted a task, as compared to when a user responded to the security message itself.
The status quo of warning messages appearing haphazardly - while people are typing, watching a video, uploading files, etc - results in up to 90 percent of users disregarding them, researchers said.
The findings were published in the journal Information Systems Research.