In the previous chapter we mentioned that one of the main contributing factors to non-compliance by users is an extensive workload caused by poorly designed and poorly implemented security mechanisms. Next, we will discuss how these issues can be addressed.
Firstly, security professionals should understand that people’s resources are limited. Moreover, people tend to struggle with making effective decisions when they are tired.
To test the validity of this argument, Shiv and Fedorikhin designed an experiment where they divided participants into two groups: the first group was asked to memorise a two-digit number (e.g. 54) and the second group was asked to remember a longer seven-digit number (e.g. 4509672).