Don’t work. Can’t work? Why it’s time to rethink security warnings

In this study, 120 participants were asked to test an (arbitrary) online tool. During testing, participants encountered a PDF download warning. All participants noticed the warning, but 81.7% downloaded the PDF file that triggered it regardless. The authors’ attribute failure to heed security warnings to frequent exposure and false alarms. They conclude that security warnings in their current forms are largely ineffective, and will remain so unless the number of false positives can be reduced.