MRI scans show “precipitous drop” in brain activity upon seeing the security warning second time and a “large overall drop” after 13 of them
We all know that we feel a bit uncomfortable when we see repeated security warnings that a PC pops up however it was not yet deciphered as to why we feel such discomfort. For the first time, scientists have used magnetic resonance imaging (MRI) to measure a human brain’s dramatic drop in attention that results when a computer user is subjected to just two security warnings in a short span of time.
The scientists will present the research papers at the Association for Computing Machinery’s CHI 2015 conference, where they will show the maps regions of the brain responsible for visual processing. The paper to be submitted by them is titled “How Polymorphic Warnings Reduce Habituation in the Brain—Insights from an fMRI Study.”
The research is a result of the experiment was conducted on 25 participants recruited from a university. All the subjects tested were native English speakers. The subjects laid down on their backs on an MRI table and had a volume coil placed over their heads to allow imaging of the entire brain. The participants then viewed experimental images on a large monitor at the opening of the scanner. In all, each participant viewed a unique set of 560 images. A second experiment tracked participants’ responses to security warnings in a more natural setting while using a laptop computer. To measure attention paid to a particular warning, the researchers analyzed users’ mouse cursor
The MRI images show a “precipitous drop” in brain activity even when the participants were shown 2 security warnings one after the other and a “large overall drop” after they were shown 13 of them.
Previously, such warning fatigue has been observed only indirectly, such as one study finding that only 14 percent of participants recognized content changes to confirmation dialog boxes or another that recorded users clicking through one-half of all SSL warnings in less than two seconds.
The inattention is the result of a phenomenon known as ‘habituation’, or the tendency for organisms’ neural systems to show partial or complete cessations of responses to stimuli over repeated exposures. Such repetition suppression, or RS, has long been documented in everything from sea slugs to humans. By directly measuring RS in the brains of people exposed to computer security warnings, the scientists were then able to test more effective ways that software makers can alert people to potential risks.
Besides leading to potential improvements in user interfaces, the research may pave the way for better security education, training, and awareness (SETA) programs, password use, and information security policy compliance. The scientists wrote:
Users’ habituation to security warnings is pervasive, and is often attributed to users’ carelessness and inattention. However, we demonstrate that habituation is largely obligatory as a result of how the brain processes familiar visual stimuli. A chief implication of our results is that because habituation occurs unconsciously at the neurobiological level, interventions designed to encourage greater attention and vigilance on the part of users—such as SETA programs—are incomplete on their own. Our findings suggest that a complimentary solution is to develop UI designs that are less susceptible to habituation. We show that the polymorphic warning artifact developed in this study is one such effective design. Our results point to future research opportunities for security interventions that take into account the biology of the user.
The scientists hope to gain meaningful insights into ‘habituation’ and understand the way our brain works.
Resource : Ars Technica.