"users clicking “OK” on anything they don't understand"
Not quite sure why researchers "complained " about something which has been a foundation stone of security systems and processes !
In a nutshell -
1) Users are NOT security boffins
2) Users don't want to have to make decisions (they could be blamed for!)
3) First and foremost users want unimpeded use of their techie toys.
In other words security systems need to be as non-obtrusive as possible and work in the background or they will be spurned by end users.
Any introduction to IT Security will have a sentence to the effect that the role of security systems is BOTH to deter unauthorised access/use AND to facilitate access/use for legitimate users....a statement which seems to have been quickly forgotten :-)
Instead of "complaining" about human psychology Mountainview Boffins might try to remember that - unlike them - the average user does not dream of elliptic curves and would not recognize a piece of malware if it stared them in the face !