Examination on Usability Issues of Security Warning Dialogs

This paper examines the usability issues of security warning dialogs from endusers’ perception. The study has been carried out in the Universiti Sains Malaysia. The study consists of two parts in order to assess the experience of end users’ during the encountering of security warnings – part 1: an online survey study which presented with three different security warning dialogs to examine end-users’ understanding and perception, and part 2: an interview study to further understand the issues faced by the end users. The study has gained insights and understanding of the usability issues end-users are facing with the current security warning dialogs. Therefore, this study provided justification for the need of improving security warnings to be more understandable. Keywords—security; warnings; usability; Human-computer Interaction; usable security;

[1]  Michael S. Wogalter,et al.  Comprehension of Pictorial Symbols: Effects of Context and Test Method , 1998, Hum. Factors.

[2]  Jeffrey M. Stanton,et al.  Analysis of end user security behaviors , 2005, Comput. Secur..

[3]  Cormac Herley,et al.  So long, and no thanks for the externalities: the rational rejection of security advice by users , 2009, NSPW '09.

[4]  Clare-Marie Karat,et al.  Usability Challenges in Security and Privacy Policy-Authoring Interfaces , 2007, INTERACT.

[5]  Michael S. Wogalter,et al.  Comprehension and Memory , 1999 .

[6]  Jan H. P. Eloff,et al.  Security and human computer interfaces , 2003, Comput. Secur..

[7]  Lorrie Faith Cranor,et al.  Crying Wolf: An Empirical Study of SSL Warning Effectiveness , 2009, USENIX Security Symposium.

[8]  Steven Furnell,et al.  End-User Perception and Usability of Information Security , 2011, HAISA.

[9]  Christopher Krügel,et al.  The Underground Economy of Fake Antivirus Software , 2011, WEIS.

[10]  Kori Inkpen Quinn,et al.  Gathering evidence: use of visual security cues in web browsers , 2005, Graphics Interface.

[11]  Lorrie Faith Cranor,et al.  Bridging the Gap in Computer Security Warnings: A Mental Model Approach , 2011, IEEE Security & Privacy.

[12]  Mervyn A. Jack,et al.  User perceptions of security, convenience and usability for ebanking authentication tokens , 2009, Comput. Secur..

[13]  Paul C. van Oorschot,et al.  Security and usability: the gap in real-world online banking , 2008, NSPW '07.

[14]  Marti A. Hearst,et al.  Why phishing works , 2006, CHI.

[15]  Michael S. Wogalter,et al.  Failure to Recognize Fake Internet Popup Warning Messages , 2008 .

[16]  Min Wu,et al.  Do security toolbars actually prevent phishing attacks? , 2006, CHI.

[17]  Steven Furnell,et al.  Considering the Usability of End-User Security Software , 2006, SEC.

[18]  Ian Welch,et al.  Effectiveness of security by admonition: a case study of security warnings in a web browser setting , 2006 .

[19]  Zarul Fitri Zaaba Enhancing usability using automated security interface adaptation (ASIA) , 2014 .

[20]  Steven Hsu,et al.  A brick wall, a locked door, and a bandit: a physical security metaphor for firewall warnings , 2011, SOUPS.

[21]  Lorrie Faith Cranor,et al.  You've been warned: an empirical study of the effectiveness of web browser phishing warnings , 2008, CHI.

[22]  Annie I. Antón,et al.  Towards understanding user perceptions of authentication technologies , 2007, WPES '07.