Simon Parkin, Kat Krol, Ingolf Becker and M. Angela Sasse
Security tasks can burden the individual, to the extent that security fatigue promotes had security habits. Here we revisit a series of user-centred studies of security mechanisms as part of regular routines, such as two-factor authentication. These studies inform reflection upon the perceived contributors and consequences of fatigue, and strategies that a person may adopt in response to feeling overburdened by security. The fatigue produced by security tasks is then framed using a model of cognitive control modes, which explores human performance and error. Security tasks are then considered in terms of modes such as unconscious routines and knowledge-based ad-hoc approaches. Conscious attention can support adaptation to novel security situations, but is error-prone and tiring; both simple security routines and technology-driven automation can minimise effort, but may miss cues from the environment that a nuanced response is required.
Date: 22 June 2016
Published: SOUPS Workshop on Security Fatigue Publisher: USENIX
Publisher URL: https://www.usenix.org/conference/soups2016/workshop-program/wsf/presentation/parkin
Full Text: https://www.usenix.org/system/files/conference/soups2016/wsf16_paper–parkin.pdf