Simon Parkin, Kat Krol, Ingolf Becker and M. Angela Sasse


Security tasks can burden the individual, to the extent that security fatigue promotes bad security habits. Here we revisit a series of user-centred studies of security mechanisms as part of regular routines, such as two-factor authentication. These studies inform reflection upon the perceived contributors and consequences of fatigue, and strategies that a person may adopt in response to feeling overburdened by security. The fatigue produced by security tasks is then framed using a model of cognitive control modes, which explores human performance and error. Security tasks are then considered in terms of modes such as unconscious routines and knowledge-based ad-hoc approaches. Conscious attention can support adaptation to novel security situations, but is error-prone and tiring; both simple security routines and technology-driven automation can minimise effort, but may miss cues from the environment that a nuanced response is required.

Date: 22 June 2016
Published: SOUPS Workshop on Security Fatigue
Publisher: USENIX