Securing Java: getting down to business with mobile code
Securing Java: getting down to business with mobile code
Users' conceptions of web security: a comparative study
CHI '02 Extended Abstracts on Human Factors in Computing Systems
Using the Experience Sampling Method to Evaluate Ubicomp Applications
IEEE Pervasive Computing
Gathering evidence: use of visual security cues in web browsers
GI '05 Proceedings of Graphics Interface 2005
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Do security toolbars actually prevent phishing attacks?
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
The Emperor's New Security Indicators
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
You've been warned: an empirical study of the effectiveness of web browser phishing warnings
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Perspectives: improving SSH-style host authentication with multi-path probing
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Exploring User Reactions to New Browser Cues for Extended Validation Certificates
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Browser interfaces and extended validation SSL certificates: an empirical study
Proceedings of the 2009 ACM workshop on Cloud computing security
An evaluation of extended validation and picture-in-picture phishing attacks
FC'07/USEC'07 Proceedings of the 11th International Conference on Financial cryptography and 1st International conference on Usable Security
Crying wolf: an empirical study of SSL warning effectiveness
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Bridging the Gap in Computer Security Warnings: A Mental Model Approach
IEEE Security and Privacy
The SSL landscape: a thorough analysis of the x.509 PKI using active and passive measurements
Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference
The security cost of cheap user interaction
Proceedings of the 2011 workshop on New security paradigms workshop
Proceedings of the Seventh Symposium on Usable Privacy and Security
HotSec'12 Proceedings of the 7th USENIX conference on Hot Topics in Security
Here's my cert, so trust me, maybe?: understanding TLS errors on the web
Proceedings of the 22nd international conference on World Wide Web
| Hi-index | 0.00 |
We empirically assess whether browser security warnings are as ineffective as suggested by popular opinion and previous literature. We used Mozilla Firefox and Google Chrome's in-browser telemetry to observe over 25 million warning impressions in situ. During our field study, users continued through a tenth of Mozilla Firefox's malware and phishing warnings, a quarter of Google Chrome's malware and phishing warnings, and a third of Mozilla Firefox's SSL warnings. This demonstrates that security warnings can be effective in practice; security experts and system architects should not dismiss the goal of communicating security information to end users. We also find that user behavior varies across warnings. In contrast to the other warnings, users continued through 70.2% of Google Chrome's SSL warnings. This indicates that the user experience of a warning can have a significant impact on user behavior. Based on our findings, we make recommendations for warning designers and researchers.