When is the best time to deliver a security message?
A group of researchers from Brigham Young University has been tracking users’ neural activity while they are using a computer, and have discovered that security warnings are heeded more if they don’t pop-up right in the middle of a task or action that requires the users’ attention.
Humans are generally bad at multitasking, and they will ignore such messages in most cases when they are watching a video, typing, or inputing a confirmation code, i.e. when we can’t attend to the message without it affecting the quality of our first task or give enough attention to it.
The best moments to spring a security warning is when the user waits for a web page to load or a file to be downloaded/processed, switches to another site, or after he or she is done watching a video.
Anybody who has ever used a computer and ignored their fair share of security messages will not be surprised by the results of this study.
But it is surprising that the software industry hasn’t already made it so that all security messages that don’t require immediate attention are shown when a task is started, finished, or the user is waiting for a task to complete.
While it might seem that this study was a waste of time that proves something we all know, it will have an impact on our daily lives – or, more specifically, on the lives of Google Chrome users.
The research was performed in collaboration with Google Chrome security engineers, and its results convinced them to tweak the timing of the security messages in future versions of the Chrome Cleanup Tool.
Hopefully, other software makers will follow. With the human element consistently being the weakest point of the security chain, we need all the help we can get to make the right choices.