W3C home > Mailing lists > Public > public-wsc-wg@w3.org > September 2007

ACTION-283: Contribute references to support 5.3.1

From: Serge Egelman <egelman@cs.cmu.edu>
Date: Wed, 05 Sep 2007 11:01:28 -0400
Message-ID: <46DEC4C8.2030701@cs.cmu.edu>
To: Web Security Context WG <public-wsc-wg@w3.org>

Literature on habituation:

Amer and Maris conducted a study to determine how users perceive
software hazards based on warning messages and icons.  Participants were
shown a series of dialog boxes with differing text and icons, and were
instructed to estimate the severity of the warning using a 10-point
Likert scale.  The choice in both icon and warning words greatly
impacted how each participant ranked the severity.  The researchers also
examined the extent to which individuals will continue to pay attention
to a warning after seeing it multiple times (``habituation'').  Upon
being displayed multiple times, the researchers found found that users
dismissed the warnings without reading them.  This behavior continued
even when using a similar but different warning in a different
situation.  The only way of recapturing the user's attention was to
increase the arousal strength of the warning.

T. S. Amer and J. B. Maris. Signal words and signal icons in application
control and information technology exception messages – hazard matching
and habituation effects. Technical Report Working Paper Series–06-05,
Northern Arizona University, Flagstaff, AZ, October 2006.

Wogalter and Vigilante conducted a similar study and found that warnings
in the workplace are often ignored after individuals have been exposed
to them multiple times.

M. S. Wogalter and W. J. Vigilante. Attention switch and maintenance. In
M. S. Wogalter, editor, Handbook of Warnings, pages 245–265. Lawrence
Erlbaum Associates, New Jersey/London, 2006.

The more often a warning appears, the more likely it is that a user will
ignore it.

Norman, D. A. Design rules based on analyses of human error.
CACM, v26 n4 (April 1983), pp. 254-258.

Thus, warnings should appear very rarely and only when absolutely
necessary.  This will minimize habituation.  The warnings should also
interrupt the user's primary task and force a decision to be made,
rather than simply showing a generic dialog box that can be dismissed
without reading it.

M. Wu, R. C. Miller, and S. L. Garfinkel. Do Security Toolbars Actually
Prevent Phishing Attacks?  In Proceedings of the SIGCHI Conference on
Human Factors in Computing Systems Held in Montreal, pages 601–610. ACM
Press, 2006.
Serge Egelman

PhD Candidate
Vice President for External Affairs, Graduate Student Assembly
Carnegie Mellon University

Legislative Concerns Chair
National Association of Graduate-Professional Students
Received on Wednesday, 5 September 2007 15:01:51 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:14:18 UTC