Hacker News new | ask | show | jobs
by tialaramex 657 days ago
There's an old Microsoft study examining what might help users to not give crooks their credentials. The participants used their real credentials to attempt a real bank transaction, and Microsoft studied what might count as a red flag and stop them from attempting this transaction on a bogus site, variations in UI warnings, layout etc..

Nothing. Nothing you could do stopped users from persisting in their goal, despite all the red flags, humans get stuck on a mission, it's called "Get-there-itis" and it kills private pilots, it causes those "How could you be such a moron?" bridge strikes you see on Youtube, it's a defect in human psychology, you have to design knowing that this defect exists.

So what works? Brick Wall UX. When the user can't do the wrong thing they won't. They'll still try of course, but now they can't succeed (in giving their credentials to crooks).
2 comments
seabass-labrax 656 days ago
Broadly speaking, I agree with the claim - but I'm very suspicious of the study. We'd have to know the methodology to be sure (maybe you have a link to this?), but there are many factors that could lead participants to ignore the warning signs and persevere. For instance, the participants may have been offered a sum of money for their involvement, and believed (consciously or subconsciously) that they had to 'pass' the test to earn it. Or, it could have been pride and the desire not to lose face; perhaps even the sentiment of "the sooner I can finish this daft test, the sooner I can leave"!

There is a common attitude in the computer industry that designers/developers know better than users, but software users are representative of the general population and are thus no more or less intelligent than average. I believe it's primarily a lack of understanding of how software works that makes online phishing scams work. 'Brick Wall UX' can only go so far to compensate for that, and it comes at a cost of making software less flexible for the end-user.

link
mananaysiempre 657 days ago
Jeff Atwood called it the dancing bunnies problem[1].

[1] https://blog.codinghorror.com/the-dancing-bunnies-problem/

link
tialaramex 657 days ago
The usual term is "Dancing pigs" rather than bunnies: https://en.wikipedia.org/wiki/Dancing_pigs

But this isn't quite the same thing, the dancing pigs (or bunnies) are an attraction, the mission mindset / get-there-itis happen after the user has decided to do something, and prevent them from (correctly) deciding not to do it in light of more information.

link