Replication: Do We Snooze If We Can't Lose? Modelling Risk with Incentives in Habituation User Studies

Karoline Busse; Dominik Wermke; Sabrina Amft; Sascha Fahl; Emanuel von Zezschwitz; Matthew Smith

doi:10.14722/usec.2019.23001

Replication: Do We Snooze If We Can't Lose? Modelling Risk with Incentives in Habituation User Studies

PDF Cite

Authors:

Karoline Busse, Dominik Wermke, Sabrina Amft, Sascha Fahl, Emanuel von Zezschwitz, and Matthew Smith.

Venue:

2019 Workshop on Usable Security (USEC)

Date:

February 24, 2019

Type:

Workshop publication

Abstract

Users of computer systems are confronted with security dialogs on a regular basis. As demonstrated by previous research, frequent exposure to these dialogs may lead to habituation (i.e., users tend to ignore them). While these previous studies are vital to gaining insights into the human factor, important realworld aspects have been ignored; most notably, not adhering to security dialogs has barely had a negative impact for user study participants.

To address this limitation, we replicate and extend previous work on the habituation effect. Our new study design introduces a monetary component in order to refine the study methodology on habituation research. To evaluate our approach, we conducted an online user study (n = 1236) and found a significant effect of monetary loss on the compliance to security dialogs.

Overall, this paper contributes to a deeper understanding of the habituation effect in the context of warning dialogs and provides novel insights into the complexity of ecologically valid risk modeling in user studies