// Ars Technica
Ever feel your eyes glazing over when you see yet another security warning pop up on your monitor? In a first, scientists have used magnetic resonance imaging to measure a human brain's dramatic drop in attention that results when a computer user is subjected to just two security warnings in a short time.
In a paper scheduled to be presented next month at the Association for Computing Machinery's CHI 2015 conference, researchers will present data that maps regions of the brain responsible for visual processing. The MRI images show a "precipitous drop" in visual processing after even one repeated exposure to a standard security warning and a "large overall drop" after 13 of them. Previously, such warning fatigue has been observed only indirectly, such as one study finding that only 14 percent of participants recognized content changes to confirmation dialog boxes or another that recorded users clicking through one-half of all SSL warnings in less than two seconds.
Building a better mousetrap
The inattention is the result of a phenomenon known as habituation, or the tendency for organisms' neural systems to show partial or complete cessations of responses to stimuli over repeated exposures. Such repetition suppression, or RS, has long been documented in everything from sea slugs to humans. By directly measuring RS in the brains of people exposed to computer security warnings, the scientists were then able to test more effective ways that software makers can alert people to potential risks. The paper—titled "How Polymorphic Warnings Reduce Habituation in the Brain—Insights from an fMRI Study"—is one of two to be presented at CHI 2015 that studies people's responses to security warnings. A second paper is titled "Improving SSL Warnings: Comprehension and Adherence."