Researchers found these times are less effective because of “dual task interference,” a neural limitation where even simple tasks can’t be simultaneously performed without significant performance loss.
Study co-author and BYU information systems professor Anthony Vance said that the average punter’s brain can’t handle multitasking very well and software developers categorically present warning messages without any regard to what the user is doing.
“They interrupt us constantly and our research shows there’s a high penalty that comes by presenting these messages at random times.”
More than 74 percent of people in the study ignored security messages that popped up while they were on the way to close a web page window. Another 79 percent ignored the messages if they were watching a video. And a whopping 87 percent disregarded the messages while they were transferring information, in this case, a confirmation code.
Jeff Jenkins, lead author of the study said that you can fix this problem simply by changing the timing of the warnings.
“Waiting to display a warning to when people are not busy doing something else increases their security actions substantially.”
People pay the most attention to security messages when they pop up in lower dual task times such as after watching a video, while waiting for a page to load and after interacting with a website.
While this seems to be in the “no shit Sherlock” level of research, it is the complete opposite to the way that software is designed. Security warnings are timed to appear when a person is less likely to respond.