Keywords

security warnings, habituation, behavioral information systems security, functional magnetic resonance imaging (fMRI), mouse cursor tracking, NeuroIS

Abstract

Warning messages are fundamental to users' security interactions. Unfortunately, research has shown that they are largely ineffective. A key contributor to this failure is habituation: decreased response to a repeated warning. Previous research has inferred the occurrence of habituation to warnings or measured it indirectly, such as through the proxy of a related behavior. Therefore, there is a gap in our understanding of how habituation to security warnings develops in the brain. Without direct measures of habituation, we are limited in designing warnings that can mitigate its effects. In this study, we use neurophysiological measures to directly observe habituation as it occurs in the brain and behaviorally. We also design a polymorphic warning artifact that repeatedly changes its appearance in order to resist the effects of habituation. In an experiment using functional magnetic resonance imaging (fMRI; n=25), we found that our polymorphic warning was significantly more resistant to habituation than were conventional warnings in regions of the brain related to attention. In a second experiment (n=80), we implemented the top four most resistant polymorphic warnings in a realistic setting. Using mouse cursor tracking as a surrogate for attention to unobtrusively measure habituation on participants' personal computers, we found that polymorphic warnings reduced habituation compared to conventional warnings. Together, our findings reveal the substantial influence of neurobiology on users' habituation to security warnings and security behavior in general, and we offer our polymorphic warning design as an effective solution to practice.

Original Publication Citation

Anderson, B., Vance, A., Kirwan, B., Jenkins, J., Eargle, D. 2016. “From Warning to Wallpaper: Why the Brain Habituates to Security Warnings and What Can Be Done about It,” Journal of Management Information Systems, 33 (3), pp. 713–743, http://dx.doi.org/10.1080/07421222.2016.1243947.

Document Type

Peer-Reviewed Article

Publication Date

2016-12

Permanent URL

http://hdl.lib.byu.edu/1877/3912

Publisher

Taylor and Francis

Language

English

College

Marriott School of Management

Department

Information Systems
