
Communications of the ACM

ACM TechNews

Google Study Shows Users Fail to Understand Security Warnings


A bemused Internet user.

Researchers have identified ways to better prompt users to take corrective action in response to security warnings, but those changes do not help users better understand the underlying security issues.

Credit: DifferenceBetween.net

Researchers from Google and the University of Pennsylvania found changes to the text and graphics used in security warnings can help prompt users to take corrective action, but fail to enhance their understanding of the issues that prompted the security warning in the first place.

The researchers focused on the warnings that Google's Chrome Web browser displays when there is an issue with a Web page's Secure Sockets Layer (SSL) certificates. The warnings can be triggered by a wide range of issues, from misconfigured websites to man-in-the-middle attacks, and Google is trying to develop warnings that will help users take the appropriate action in a given situation.

The researchers found very few users were able to comprehend the SSL warnings and sought to improve comprehension and the corrective action taken by users by employing what is known as opinionated design, or the use of graphics to promote a specific action.

The researchers found simplifying the language used in the warnings in conjunction with color-coding and graphics of a lock helped to dramatically improve the percentage of users who took corrective action in response to an SSL warning. However, these changes did little to improve the users' comprehension of the warnings.

From eWeek

 

Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA


 
