Web users are shown an invalid-certificate warning when their browser cannot validate the identity of the website they are visiting. While these warnings often appear in benign situations, they can also signal a man-in-the-middle attack. We conducted a survey of over 400 Internet users to examine their reactions to and understanding of current SSL warnings. We then designed two new warnings using warnings science principles and lessons learned from the survey. We evaluated the warnings used in three popular web browsers and our two warnings in a 100-participant, between-subjects laboratory study. Our warnings performed significantly better than existing warnings, but far too many participants exhibited dangerous behavior in all warning conditions. Our results suggest that, while warnings can be improved, a better approach may be to minimize the use of SSL warnings altogether by blocking users from making unsafe connections and eliminating warnings in benign situations.
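The distinction the abstract draws between warnings raised by benign misconfigurations and warnings that signal an attack comes down to which certificate-validation check the browser's TLS client failed. The Go program below is an added example, not code from the paper or its authors: it mints its own test CA and certificates, runs a real TLS handshake over loopback for each situation, and reports what a client that fails closed sees, beside a client configured with InsecureSkipVerify, which is the programmatic equivalent of a user clicking through the warning. The host name bank.example, the CA name and the scenario labels are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue mints a P-256 certificate for name valid for ttl (negative means already expired); self-signed when parent is nil.
func issue(name string, isCA bool, ttl time.Duration, parent *tls.Certificate) tls.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-48 * time.Hour),
		NotAfter:              time.Now().Add(ttl),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if !isCA {
		tmpl.DNSNames = []string{name} // the identity a client compares to the URL host
	}
	signer, signerKey := tmpl, any(key)
	if parent != nil {
		signer, signerKey = parent.Leaf, parent.PrivateKey
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: must(x509.ParseCertificate(der))}
}

// handshake runs one TLS handshake over loopback: the server presents srvCert, the client validates it under cfg.
func handshake(srvCert tls.Certificate, cfg *tls.Config) error {
	ln := must(net.Listen("tcp", "127.0.0.1:0"))
	defer ln.Close()
	go func() {
		c := must(ln.Accept())
		_ = tls.Server(c, &tls.Config{Certificates: []tls.Certificate{srvCert}}).Handshake() // server's view is irrelevant: the client decides
		c.Close()
	}()
	c := must(net.Dial("tcp", ln.Addr().String()))
	_ = c.SetDeadline(time.Now().Add(5 * time.Second))
	cli := tls.Client(c, cfg)
	err := cli.Handshake()
	cli.Close()
	return err
}

// outcome names the condition a browser would warn about, or "accepted".
func outcome(err error) string {
	var invalid x509.CertificateInvalidError
	switch {
	case err == nil:
		return "accepted"
	case errors.As(err, new(x509.UnknownAuthorityError)):
		return "unknown issuer"
	case errors.As(err, new(x509.HostnameError)):
		return "name mismatch"
	case errors.As(err, &invalid) && invalid.Reason == x509.Expired:
		return "expired"
	}
	return "other: " + err.Error()
}

// Scenarios runs each certificate situation against a strict client that fails closed, and the unverifiable one also against a click-through client.
func Scenarios() map[string]string {
	const host = "bank.example" // constructed name, not a real site
	ca := issue("Example Root CA", true, 24*time.Hour, nil)
	roots := x509.NewCertPool()
	roots.AddCert(ca.Leaf)
	strict := &tls.Config{ServerName: host, RootCAs: roots}
	clickThrough := &tls.Config{ServerName: host, InsecureSkipVerify: true} // what accepting the warning amounts to
	run := func(name string, ttl time.Duration, parent *tls.Certificate, cfg *tls.Config) string { return outcome(handshake(issue(name, false, ttl, parent), cfg)) }
	return map[string]string{
		"valid cert, strict client":          run(host, 24*time.Hour, &ca, strict),
		"wrong hostname, strict client":      run("staging."+host, 24*time.Hour, &ca, strict),
		"expired cert, strict client":        run(host, -24*time.Hour, &ca, strict),
		"self-signed or MITM, strict client": run(host, 24*time.Hour, nil, strict),
		"self-signed or MITM, click-through": run(host, 24*time.Hour, nil, clickThrough),
	}
}

func main() {
	fmt.Println(Scenarios())
}
```

The strict client reports the same "unknown issuer" verdict for a benign self-signed certificate and for an attacker presenting one for the same name: at the client, the two are indistinguishable, which is what makes the click-through path dangerous. A client that never constructs the InsecureSkipVerify configuration is the code-level form of the abstract's recommendation to block unsafe connections rather than ask the user about them.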