Communications of the ACM
Google Study Shows Users Fail to Understand Security Warnings
Researchers have identified ways to better prompt users to take corrective action to address security warnings, but do not help them better understand the underlying security issues.
Credit: DifferenceBetween.net
Researchers from Google and the University of Pennsylvania found changes to the text and graphics used in security warnings can help prompt users to take corrective action, but fail to enhance their understanding of the issues that prompted the security warning in the first place.
The researchers focused on warnings popped up by Google's Chrome Web browser when there is an issue with a Web page's Secure Sockets Layer (SSL) certificates. The warnings can be triggered by a wide range of issues, from misconfigured websites to man-in-the-middle attacks, and Google is trying to develop warnings that will help users take the appropriate action in a given situation.
The researchers found very few users were able to comprehend the SSL warnings and sought to improve comprehension and the corrective action taken by users by employing what is known as opinionated design, or the use of graphics to promote a specific action.
The researchers found simplifying the language used in the warnings in conjunction with color-coding and graphics of a lock helped to dramatically improve the percentage of users who took corrective action in response to an SSL warning. However, these changes did little to improve the users' comprehension of the warnings.
From eWeek
View Full Article
Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA
No entries found