Security fatigue is real, and it’s making many people less secure. We’re always getting notifications about new threats to worry about, updates to install, and breaches to be aware of. This can all become very confusing for the average computer user. In fact, it can become so confusing that you may begin to just start ignoring the notifications.
A NIST story about the results of a new study from the National Institute of Standards and Technology (NIST) found that a majority of the typical computer users they interviewed experienced security fatigue that often leads users to risky computing behavior at work and in their personal lives.
Security fatigue is defined in the study as a weariness or reluctance to deal with computer security. As one of the study’s research subjects said about computer security, “I don’t pay any attention to those things anymore. People get weary from being bombarded by ‘watch out for this or watch out for that.’”
According to the study, participants expressed a sense of resignation, loss of control, fatalism, risk minimization, and decision avoidance, all characteristics of security fatigue.
Comments among those who expressed feelings of security fatigue included:
“I get tired of remembering my username and passwords.”
“I never remember the PIN numbers, there are too many things for me to remember. It is frustrating to have to remember this useless information.
“It also bothers me when I have to go through more additional security measures to access my things, or get locked out of my own account because I forgot as I accidentally typed in my password incorrectly.”
Managing one’s personal security and privacy is no easy task in today’s world of internet connected devices. Doing nothing has the potential for devastating results.