Communications of the ACM
'security Fatigue' Can Cause Computer Users to Feel Hopeless and Act Recklessly, New Study Suggests
A new study from the U.S. National Institute of Standards and Technology found that a majority of typical computer users interviewed have experienced security fatigue that often leads users to risky computing behavior.
Credit: NIST
Most computer users are so weary of following myriad procedures to keep their systems secure that they tend to engage in risky computing behavior on the job and in their everyday lives, according to a study from the U.S. National Institute of Standards and Technology (NIST).
The study "is critical because so many people bank online, and since healthcare and other valuable information is being moved to the Internet," says cognitive psychologist and study co-author Brian Stanton. "If people can't use security, they are not going to, and then we and our nation won't be secure."
Computer scientist Mary Theofanos notes the data culled from interviews with subjects pointed to an "overwhelming feeling of weariness." She says having to remember 25 or 30 online passwords at work is now typical, and how this affects people is a factor few researchers consider.
NIST found people suffering from security fatigue are more likely to feel they are not in control; this can lead to decision avoidance, impulsive behavior, and lax compliance with security rules.
The study suggests fatigue could be mitigated by limiting the number of security decisions users must make, simplifying their ability to choose the correct security action, and designing for consistent decision-making whenever possible.
From NIST News
View Full Article
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA
No entries found