Mei-Ching Lien

Stimulus-response compatibility and psychological refractory period effects: Implications for response selection

The purpose of this paper was to provide insight into the nature of response selection by reviewing the literature on stimulus-response compatibility (SRC) effects and the psychological refractory period (PRP) effect individually and jointly. The empirical findings and theoretical explanations of SRC effects that have been studied within a single-task context suggest that there are two response-selection routes—automatic activation and intentional translation. In contrast, all major PRP models reviewed in this paper have treated response selection as a single processing stage. In particular, the response-selection bottleneck (RSB) model assumes that the processing of Task 1 and Task 2 comprises two separate streams and that the PRP effect is due to a bottleneck located at response selection. Yet, considerable evidence from studies of SRC in the PRP paradigm shows that the processing of the two tasks is more interactive than is suggested by the RSB model and by most other models of the PRP effect. The major implication drawn from the studies of SRC effects in the PRP context is that response activation is a distinct process from final response selection. Response activation is based on both long-term and short-term task-defined S-R associations and occurs automatically and in parallel for the two tasks. The final response selection is an intentional act required even for highly compatible and practiced tasks and is restricted to processing one task at a time. Investigations of SRC effects and responseselection variables in dual-task contexts should be conducted more systematically because they provide significant insight into the nature of response-selection mechanisms.

Usability and Security An Appraisal of Usability Issues in Information Security Methods

In the modern multi-user computer environment, Internet-capable network servers provide connectivity that allows a large portion of the user population to access information at the desktop from sources around the world. Because of the ease with which information can be accessed, computer security breaches may occur unless systems and restricted information stored therein are kept secure. Breaches of security can have serious consequences, including theft of confidential corporate documents, compromise of intellectual property, unauthorized modification of systems and data, denial of service, and others. Considerable research has been conducted on threats to security.

Improving computer security for authentication of users: influence of proactive password restrictions.

Entering a username—password combination is a widely used procedure for identification and authentication in computer systems. However, it is a notoriously weak method, in that the passwords adopted by many users are easy to crack. In an attempt to improve security, proactive password checking may be used, in which passwords must meet several criteria to be more resistant to cracking. In two experiments, we examined the influence of proactive password restrictions on the time that it took to generate an acceptable password and to use it subsequently to log in. The required length was a minimum of five characters in Experiment 1 and eight characters in Experiment 2. In both experiments, one condition had only the length restriction, and the other had additional restrictions. The additional restrictions greatly increased the time it took to generate the password but had only a small effect on the time it took to use it subsequently to log in. For the five-character passwords, 75% were cracked when no other restrictions were imposed, and this was reduced to 33% with the additional restrictions. For the eight-character passwords, 17% were cracked with no other restrictions, and 12.5% with restrictions. The results indicate that increasing the minimum character length reduces crackability and increases security, regardless of whether additional restrictions are imposed.

Multiple spatial correspondence effects on dual-task performance

Three dual-task experiments were conducted to examine whether the underadditive interaction of the Simon effect and stimulus onset asynchrony (SOA) on Task 2 performance is due to decay. The experiments tested whether the reverse Simon effect obtained with an incompatible stimulus-response (S-R) mapping would show an overadditive interaction with SOA, as predicted by R. De Jong, C.-C. Liang, and E. Laubers (1994) dual-process model. Tone or letter identification tasks with vocal or keypress responses were used as Task 1. Task 2 was keypresses to arrow direction (or letter identity in Experiment 1). For all experiments, the normal Simon effect showed an underadditive interaction with SOA, but the reverse Simon effect did not show an overadditive interaction. The results imply that the dual-process model is not applicable to the dual-task context. Multiple correspondence effects across tasks implicate an explanation in terms of automatic S-R translation.

Task Switching in a Hierarchical Task Structure: Evidence for the Fragility of the Task Repetition Benefit

This study examined how task switching is affected by hierarchical task organization. Traditional task-switching studies, which use a constant temporal and spatial distance between each task element (defined as a stimulus requiring a response), promote a flat task structure. Using this approach, Experiment 1 revealed a large switch cost of 238 ms. In Experiments 2-5, adjacent task elements were grouped temporally and/or spatially (forming an ensemble) to create a hierarchical task organization. Results indicate that the effect of switching at the ensemble level dominated the effect of switching at the element level. Experiments 6 and 7, using an ensemble of 3 task elements, revealed that the element-level switch cost was virtually absent between ensembles but was large within an ensemble. The authors conclude that the element-level task repetition benefit is fragile and can be eliminated in a hierarchical task organization.

Dual-task performance with ideomotor-compatible tasks: is the central processing bottleneck intact, bypassed, or shifted in locus?

The present study examined whether the central bottleneck, assumed to be primarily responsible for the psychological refractory period (PRP) effect, is intact, bypassed, or shifted in locus with ideomotor (IM)-compatible tasks. In 4 experiments, factorial combinations of IM- and non-IM-compatible tasks were used for Task 1 and Task 2. All experiments showed substantial PRP effects, with a strong dependency between Task 1 and Task 2 response times. These findings, along with model-based simulations, indicate that the processing bottleneck was not bypassed, even with two IM-compatible tasks. Nevertheless, systematic changes in the PRP and correspondence effects across experiments suggest that IM compatibility shifted the locus of the bottleneck. The findings favor an engage-bottleneck-later hypothesis, whereby parallelism between tasks occurs deeper into the processing stream for IM- than for non-IM-compatible tasks, without the bottleneck being actually eliminated.

Still no evidence for perfect timesharing with two ideomotor-compatible tasks: a reply to Greenwald (2003).

For 30 years, A. G. Greenwald and H. G. Shulmans (1973) psychological refractory period (PRP) study has been cited as evidence for perfect timesharing with ideomotor (IM)-compatible tasks. Recently, M.-C. Lien, R. W. Proctor, and P. A. Allen (2002) failed to replicate these results and concluded that IM compatibility is neither necessary nor sufficient to eliminate the PRP effect. A. G. Greenwald (2003) attributed Lien et al.s nonreplication to the use of (a) a non-IM-compatible task, (b) varied trial spacing, and/or (c) inappropriate instructions. The authors of the present article argue that the first 2 factors are not critical and that instructions merely affect the criterion for speed versus accuracy. In each of Greenwalds experiments, dual-task costs were evident on response time or error rates. Furthermore, the small dual-task costs in his study are consistent with a bottleneck model. Thus, Greenwald (2003) does not provide evidence that IM-compatible tasks enable perfect timesharing.

Human Factors in Information Security Methods

In the modem multi-user computer environment, network servers provide considerable connectivity via the Internet that allows a large portion of the population to access information at their desktops from sources around the world. Because of the ease with which information can be accessed, computer crimes may occur unless restricted information is kept secure. Breaches of security can have serious consequences, including the leaking of confidential corporate documents, stealing of intellectual property, theft of services, and denial of service, among other things. Security breaches can have a negative financial impact on an organization, as well as creating bad publicity and a lack of trust among the public. Considerable research has been conducted on threats to security, and numerous sophisticated security methods have been developed (Parker, 1998). Many of these methods rely on individuals to implement and use them, and they will not accomplish their intended objectives if used improperly. This places a burden on administrators to select security methods that will ensure maximum protection while promoting acceptability and compliance of users. Yet, very little research has been conducted on the tradeoff between usability and the degree of security provided by various information security methods. The purpose of this poster is to describe several major types of security-related controls and to indicate some of the cognitive factors involved in their use. Identification and authentication of a user, or of an application or system, and confirming the user’s identify is one major type of security control. Several categories of techniques can be used for authentication in place of the common method of reusable passwords. They allow identification of the user with more certainty but at the cost of being more difficult to use. Requirements can he placed on passwords to make them more difficult to crack, but the specific password may be difficult to remember. The biometric approach makes use of individual differences in physiological or behavioral characteristics. Biometric controls tend to be expensive, obtrusive, and low in user acceptance (Millar, 1994). They are very user unfriendly and temporary physical changes, such as cuts, bums, or blisters on the finger, may prevent the user from being authenticated. A tinal category of authentication requires use of artifacts such as smart cards, devices the size of a credit card that have an embedded CPU and memory, and token devices through which the user keys in authentication codes. Usability of the artifacts is a key factor in determining the relative success of these methods. Any information stored on computers is subject to being deleted, altered, or stolen. Each of these outcomes has a cost associated with it that may be quite high. Consequently, much effort in information security is devoted to protection of data, as well as the computers and networks on which the data are maintained. Three types of security services pertaining to data protection are its integrity, confidentiality, and availability. The concern with respect to data integrity is with ensuring that data have not been modified, whether deliberately or not, during storage or transit. If data are changed deliberately and these changes go unnoticed, the consequences for a firm could be disastrous. The most common security method used to combat the data integrity problem involves computation and storage of hash codes for all of the data on the server. Confidentiality involves ensuring that sensitive or proprietary data are protected and not disclosed to anyone who is unauthorized. This is of particular concern for electronic business, where a customer’s credit card number is sent to a merchant’s Web saver. Methods include data encryption and use of a digital signature to confirm identity and prevent repudiation. However, use of these methods typically requires the user to perform additional procedures; making those procedures as convenient as possible seems to be a necessary step in effective use of the methods. One consequence of an attack by an intruder is that data may be made temporarily or permanently unavailable. Temporary unavailability can create disruptions in services and business operations, but the consequences are not nearly as severe as data destruction. The data may be irreplaceable; at the very least, restoration of the data and remediation of the problem will often require considerable time and resources. Among the means for protecting data availability is to implement adequate back-up procedures, which places a large responsibility on the system administrators. A properly executed information security program requires proper program management and administration. It is also important that a security monitoring and audit program be implemented. Without such a program remote intrusions and unauthorized accesses of databases will likely go unnoticed. Not too surprisingly, then, only a very small percentage of intrusions are both detected and reported. This is one aspect of information security in which a systematic Human Factors analysis of the process clearly should he of significant benefit.