Your Attention Please: Designing Security-Decision UIs to Make Genuine Risks Harder to Ignore
Symposium On Usable Privacy and Security |
We designed and tested attractors for computer security dialogs: user-interface modiﬁcations used to draw users’ attention to the most important information for making decisions. Some of these modiﬁcations were purely visual, while others temporarily inhibited potentially-dangerous behaviors to redirect users’ attention to salient information. We conducted three between-subjects experiments to test the eﬀectiveness of the attractors.
In the ﬁrst two experiments, we sent participants to perform a task on what appeared to be a third-party site that required installation of a browser plugin. We presented them with what appeared to be an installation dialog from their operating system. Participants who saw dialogs that employed inhibitive attractors were signiﬁcantly less likely than those in the control group to ignore clues that installing this software might be harmful.
In the third experiment, we attempted to habituate participants to dialogs that they knew were part of the experiment. We used attractors to highlight a ﬁeld that was of no value during habituation trials and contained critical information after the habituation period. Participants exposed to inhibitive attractors were two to three times more likely to make an informed decision than those in the control condition.