The next study in our research stream on habituation to security warnings has been accepted to CHI 2015, which will be held in Seoul, April 18–23. The paper uses fMRI and mouse cursor tracking to show how the brain automatically habituates or “tunes out” security warnings after multiple exposures. We also test an approach to reduce habituation in which we update the appearance of the warning so that brain naturally pays more attention to the warning with repeated exposures.
Here is the abstract:
Research on security warnings consistently points to habituation as a key reason why users ignore security warnings. However, because habituation as a mental state is difficult to observe, previous research has examined habituation indirectly by observing its influence on security behaviors. This study addresses this gap by using functional magnetic resonance imaging (fMRI) to open the “black box” of the brain to observe habituation as it develops in response to security warnings. Our results show a dramatic drop in the visual processing centers of the brain after only the second exposure to a warning, with further decreases with subsequent exposures. To combat the problem of habituation, we designed a polymorphic warning that changes its appearance. We show in two separate experiments using fMRI and mouse cursor tracking that our polymorphic warning is substantially more resistant to habituation than conventional warnings. Together, our neurophysiological findings illustrate the considerable influence of human biology on users’ habituation to security warnings.