A majority of the typical computer users interviewed experienced security fatigue that leads them to risky computing behavior at work and in their personal lives. Security fatigue is defined in the study as a weariness or reluctance to deal with computer security.
The multidisciplinary team learned that the majority of their average computer users felt overwhelmed and bombarded, and they got tired of being on constant alert, adopting safe behavior, and trying to understand the nuances of online security issues.
Researchers found that the result of weariness leads to feelings of resignation and loss of control. These reactions can lead to avoiding decisions, choosing the easiest option among alternatives, making decisions influenced by immediate motivations, behaving impulsively, and failing to follow security rules.
The data provided evidence for three ways to ease security fatigue and help users maintain secure online habits and behavior. They are:
- Limit the number of security decisions users need to make;
- Make it simple for users to choose the right security action; and
- Design for consistent decision making whenever possible.
Every time we lecture, we hear about security fatigue from audiences, though it goes by many names. The bottom line is that we have to design systems that allow the user to be foolish without getting hurt – the systems themselves must bear the brunt of achieving security. Needless to say, we have a long ways to go in achieving that goal.
E-mail: firstname.lastname@example.org Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology