SSL and TLS: designing and building secure systems
SSL and TLS: designing and building secure systems
Humans in the Loop: Human-Computer Interaction and Security
IEEE Security and Privacy
ACM Transactions on Information and System Security (TISSEC)
The battle against phishing: Dynamic Security Skins
SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Gathering evidence: use of visual security cues in web browsers
GI '05 Proceedings of Graphics Interface 2005
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Decision strategies and susceptibility to phishing
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Protecting people from phishing: the design and evaluation of an embedded training email system
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Why Johnny can't encrypt: a usability evaluation of PGP 5.0
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
The Emperor's New Security Indicators
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
An evaluation of extended validation and picture-in-picture phishing attacks
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Crying wolf: an empirical study of SSL warning effectiveness
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Informing security indicator design in web browsers
Proceedings of the 2011 iConference
Shining chrome: using web browser personas to enhance SSL certificate visualization
INTERACT'11 Proceedings of the 13th IFIP TC 13 international conference on Human-computer interaction - Volume Part IV
Using data type based security alert dialogs to raise online security awareness
Proceedings of the Seventh Symposium on Usable Privacy and Security
Proceedings of the Seventh Symposium on Usable Privacy and Security
Measuring SSL indicators on mobile browsers: extended life, or end of the road?
ISC'12 Proceedings of the 15th international conference on Information Security
No attack necessary: the surprising dynamics of SSL trust relationships
Proceedings of the 29th Annual Computer Security Applications Conference
Alice in warningland: a large-scale field study of browser security warning effectiveness
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
There has been a loss of confidence in the security provided by SSL certificates and browser interfaces in the face of various attacks. As one response, basic SSL server certificates are being demoted to second-class status in conjunction with the introduction of Extended Validation (EV) SSL certificates. Unfortunately, EV SSL certificates may complicate the already difficult design challenge of effectively conveying certificate information to the average user. This study explores the interfaces related to SSL certificates in the most widely deployed browser (Internet Explorer 7), proposes an alternative set of interface dialogs, and compares their effectiveness through a user study involving 40 participants. The alternative interface was found to offer statistically significant improvements in confidence, ease of finding information, and ease of understanding. Such results from a modest re-design effort suggest considerable room for improvement in the user interfaces of browsers today. This work motivates further study of whether EV SSL certificates offer a robust foundation for improving Internet trust, or a further compromise to usable security for ordinary users.