Empirical Investigations on Usability of Security Warning Dialogs: End Users Experience

Users' dependence on computers and the Internet keeps increasing. As a result, the number of attacks arising from the use of various applications and tools is also increasing. A security warning alerts users to potential harm to which they might be exposed, such as malware and other kinds of attacks on their computers. In practice, most end users tend to ignore security warnings because the messages are shown repeatedly, although they have been exposed to many risks. A security warning dialog is supposed to capture the user's attention and comprehension; however, habituation arising from users' past experiences makes them less focused. One-to-one interview sessions with 60 participants were conducted to gain further understanding of end users' experience of security warnings and to investigate the usability issues of current security warning implementations. It is deemed necessary to discover these usability issues in the current context of security warning presentations. The results revealed that problems and challenges continue to persist, such as difficulty in making decisions, difficulty in comprehending technical jargon, the lack of attractiveness of current security warnings, and habituation or repeated exposure to warnings.
