Nav: Home

'Security fatigue' can cause computer users to feel hopeless and act recklessly

October 04, 2016

After updating your password for the umpteenth time, have you resorted to using one you know you'll remember because you've used it before? Have you ever given up on an online purchase because you just didn't feel like creating a new account?

If you have done any of those things, it might be the result of "security fatigue." It exposes online users to risk and costs businesses money in lost customers.

A new study from National Institute of Standards and Technology (NIST) researchers found that a majority of the typical computer users they interviewed experienced security fatigue that often leads users to risky computing behavior at work and in their personal lives.

Security fatigue is defined in the study as a weariness or reluctance to deal with computer security. As one of the study's research subjects said about computer security, "I don't pay any attention to those things anymore...People get weary from being bombarded by 'watch out for this or watch out for that.'"

"The finding that the general public is suffering from security fatigue is important because it has implications in the workplace and in people's everyday life," cognitive psychologist and co-author Brian Stanton said. "It is critical because so many people bank online, and since health care and other valuable information is being moved to the internet."

"If people can't use security, they are not going to, and then we and our nation won't be secure," Stanton said.

The study, published this week in IEEE's IT Professional, draws on data from a qualitative study on computer users' perception and beliefs about cybersecurity and online privacy. The subjects ranged in age from their 20s to their 60s, hailed from urban, suburban and rural areas, and held a variety of jobs.

The interviews focused on the subjects' work and home computer use, specifically about online activity, including shopping and banking, computer security, security terminology, and security icons and tools.

"We weren't even looking for fatigue in our interviews, but we got this overwhelming feeling of weariness throughout all of the data," computer scientist and co-author Mary Theofanos said.

"Years ago, you had one password to keep up with at work," she said. "Now people are being asked to remember 25 or 30. We haven't really thought about cybersecurity expanding and what it has done to people."

The multidisciplinary team learned that the majority of their average computer users felt overwhelmed and bombarded, and they got tired of being on constant alert, adopting safe behavior, and trying to understand the nuances of online security issues.

When asked to make more computer security decisions than they are able to manage, they experience decision fatigue, which leads to security fatigue.

Researchers found that the result of weariness leads to feelings of resignation and loss of control. These reactions can lead to avoiding decisions, choosing the easiest option among alternatives, making decisions influenced by immediate motivations, behaving impulsively, and failing to follow security rules.

Comments among those who expressed feelings of security fatigue included:
  • "I get tired of remembering my username and passwords."

  • "I never remember the PIN numbers, there are too many things for me to remember. It is frustrating to have to remember this useless information.

  • "It also bothers me when I have to go through more additional security measures to access my things, or get locked out of my own account because I forgot as I accidentally typed in my password incorrectly."

Participants also wonder why they would be targeted in a cyberattack. The data showed that many interviewees did not feel important enough for anyone to want to take their information, nor did they know anyone who had ever been hacked.

Commenters also expressed the sentiment that safeguarding data is someone else's responsibility, leaving computer security up to their bank, online store or someone with more experience.

Individuals also questioned how they could effectively protect their data when large organizations frequently fall victim to cyberattacks.

The data provided evidence for three ways to ease security fatigue and help users maintain secure online habits and behavior. They are:

  1. Limit the number of security decisions users need to make;

  2. Make it simple for users to choose the right security action; and

  3. Design for consistent decision making whenever possible.

To obtain a clearer picture of computer security behavior, the researchers will be interviewing additional computer users of varying levels of responsibility, including cybersecurity professionals; mid-level employees with responsibilities to protect personally identifiable information in fields such as health care, finance and education; and workers who use computers but for whom security is not their primary responsibility.

Stanton and Theofanos suggest it will take a multidisciplinary team of computer security experts, psychologists, sociologists and anthropologists working together to improve computer security issues, including behavior, to manage security fatigue.
-end-
B. Stanton, M.F. Theofanos, S.S. Prettyman, S. Furman. Security Fatigue. IT Professional, Sept.-Oct. 2016. DOI: 10.1109/MITP.2016.84

National Institute of Standards and Technology (NIST)

Related Health Care Articles:

Mental health outcomes among health care workers during COVID-19 pandemic in Italy
Symptoms of posttraumatic stress disorder, depression, anxiety and insomnia among health care workers in Italy during the COVID-19 pandemic are reported in this observational study.
Spending on primary care vs. other US health care expenditures
National health care survey data were used to assess the amount of money spent on primary care relative to other areas of health care spending in the US from 2002 to 2016.
MU Health Care neurologist publishes guidance related to COVID-19 and stroke care
A University of Missouri Health Care neurologist has published more than 40 new recommendations for evaluating and treating stroke patients based on international research examining the link between stroke and novel coronavirus (COVID-19).
Mental health of health care workers in china in hospitals with patients with COVID-19
This survey study of almost 1,300 health care workers in China at 34 hospitals equipped with fever clinics or wards for patients with COVID-19 reports on their mental health outcomes, including symptoms of depression, anxiety, insomnia and distress.
Large federal program aimed at providing better health care underfunds primary care
Despite a mandate to help patients make better-informed health care decisions, a ten-year research program established under the Affordable Care Act has funded a relatively small number of studies that examine primary care, the setting where the majority of patients in the US receive treatment.
International medical graduates care for Medicare patients with greater health care needs
A study by a Massachusetts General Hospital research team indicates that internal medicine physicians who are graduates of medical schools outside the US care for Medicare patients with more complex medical needs than those cared for by graduates of American medical schools.
The Lancet Global Health: Improved access to care not sufficient to improve health, as epidemic of poor quality care revealed
Of the 8.6 million deaths from conditions treatable by health care, poor-quality care is responsible for an estimated 5 million deaths per year -- more than deaths due to insufficient access to care (3.6 million) .
Under Affordable Care Act, Americans have had more preventive care for heart health
By reducing out-of-pocket costs for preventive treatment, the Affordable Care Act appears to have encouraged more people to have health screenings related to their cardiovascular health.
High-deductible health care plans curb both cost and usage, including preventive care
A team of researchers based at IUPUI has conducted the first systematic review of studies examining the relationship between high-deductible health care plans and the use of health care services.
Medical expenditures rise in most categories except primary care physicians and home health care
This article was published in the July/August 2017 issue of Annals of Family Medicine research journal.
More Health Care News and Health Care Current Events

Trending Science News

Current Coronavirus (COVID-19) News

Top Science Podcasts

We have hand picked the top science podcasts of 2020.
Now Playing: TED Radio Hour

Listen Again: The Biology Of Sex
Original broadcast date: May 8, 2020. Many of us were taught biological sex is a question of female or male, XX or XY ... but it's far more complicated. This hour, TED speakers explore what determines our sex. Guests on the show include artist Emily Quinn, journalist Molly Webster, neuroscientist Lisa Mosconi, and structural biologist Karissa Sanbonmatsu.
Now Playing: Science for the People

#569 Facing Fear
What do you fear? I mean really fear? Well, ok, maybe right now that's tough. We're living in a new age and definition of fear. But what do we do about it? Eva Holland has faced her fears, including trauma and phobia. She lived to tell the tale and write a book: "Nerve: Adventures in the Science of Fear".
Now Playing: Radiolab

The Wubi Effect
When we think of China today, we think of a technological superpower. From Huweai and 5G to TikTok and viral social media, China is stride for stride with the United States in the world of computing. However, China's technological renaissance almost didn't happen. And for one very basic reason: The Chinese language, with its 70,000 plus characters, couldn't fit on a keyboard.  Today, we tell the story of Professor Wang Yongmin, a hard headed computer programmer who solved this puzzle and laid the foundation for the China we know today. This episode was reported and produced by Simon Adler with reporting assistance from Yang Yang. Special thanks to Martin Howard. You can view his renowned collection of typewriters at: antiquetypewriters.com Support Radiolab today at Radiolab.org/donate.