In spite of the use of standard Web security measures (SSL/TLS), users enter sensitive information such as passwords into fake Web sites. Such fake sites cause substantial damage to individuals and corporations. In this work, we identify several vulnerabilities of browsers, focusing on security and identification indicators. We present improved security and identification indicators, as implemented in TrustBar, a browser extension we developed. With TrustBar, users can assign a name or logo to identify SSL/TLS-protected sites; if the user has not assigned a name or logo, TrustBar identifies protected sites by the name or logo of the site, and by the certificate authority (CA) that identified the site. We present usability experiments that compared TrustBar's indicators to the basic indicators available in most browsers (padlock, URL, and https prefix), as well as some relevant secure-usability principles.