- From: Timothy Hahn <hahnt@us.ibm.com>
- Date: Wed, 5 Sep 2007 11:59:20 -0400
- To: Web Security Context WG <public-wsc-wg@w3.org>
- Message-ID: <OF0E04ABF1.4B0B6D16-ON8525734D.0056672C-8525734D.0057D6E5@us.ibm.com>
Serge, Thanks for sending. Does the study make any distinctions between "increasing the arousal strength" vs. just making the warning look/feel/sound "different from" the usual warnings provided? What is the measure of "arousal strength"? I'm left wondering if the most important thing is to avoid falling into a rut rather than continually ratcheting up the arousal factor. (Considering my personal experience with television commercials - silent commercials often get my attention just as much as ones that turn up the volume.) So is it the difference in stimulus or the strength of the stimulus? Thanks in advance, Tim Hahn IBM Distinguished Engineer Internet: hahnt@us.ibm.com Internal: Timothy Hahn/Durham/IBM@IBMUS phone: 919.224.1565 tie-line: 8/687.1565 fax: 919.224.2530 From: Serge Egelman <egelman@cs.cmu.edu> To: Web Security Context WG <public-wsc-wg@w3.org> Date: 09/05/2007 11:03 AM Subject: ACTION-283: Contribute references to support 5.3.1 Literature on habituation: Amer and Maris conducted a study to determine how users perceive software hazards based on warning messages and icons. Participants were shown a series of dialog boxes with differing text and icons, and were instructed to estimate the severity of the warning using a 10-point Likert scale. The choice in both icon and warning words greatly impacted how each participant ranked the severity. The researchers also examined the extent to which individuals will continue to pay attention to a warning after seeing it multiple times (``habituation''). Upon being displayed multiple times, the researchers found found that users dismissed the warnings without reading them. This behavior continued even when using a similar but different warning in a different situation. The only way of recapturing the user's attention was to increase the arousal strength of the warning. T. S. Amer and J. B. Maris. Signal words and signal icons in application control and information technology exception messages – hazard matching and habituation effects. Technical Report Working Paper Series–06-05, Northern Arizona University, Flagstaff, AZ, October 2006. --- Wogalter and Vigilante conducted a similar study and found that warnings in the workplace are often ignored after individuals have been exposed to them multiple times. M. S. Wogalter and W. J. Vigilante. Attention switch and maintenance. In M. S. Wogalter, editor, Handbook of Warnings, pages 245–265. Lawrence Erlbaum Associates, New Jersey/London, 2006. --- The more often a warning appears, the more likely it is that a user will ignore it. Norman, D. A. Design rules based on analyses of human error. CACM, v26 n4 (April 1983), pp. 254-258. --- Thus, warnings should appear very rarely and only when absolutely necessary. This will minimize habituation. The warnings should also interrupt the user's primary task and force a decision to be made, rather than simply showing a generic dialog box that can be dismissed without reading it. M. Wu, R. C. Miller, and S. L. Garfinkel. Do Security Toolbars Actually Prevent Phishing Attacks? In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems Held in Montreal, pages 601–610. ACM Press, 2006. -- /* Serge Egelman PhD Candidate Vice President for External Affairs, Graduate Student Assembly Carnegie Mellon University Legislative Concerns Chair National Association of Graduate-Professional Students */
Received on Wednesday, 5 September 2007 15:59:37 UTC