论文信息 - Exploring User Reactions to New Browser Cues for Extended Validation Certificates

Exploring User Reactions to New Browser Cues for Extended Validation Certificates

With the introduction of Extended Validation SSL certificates in Internet Explorer 7.0, web browsers are introducing new indicators to convey status information about different types of certificates. We carried out a user study which compared a proposed new interface in the Mozilla Firefox browser with an alternative interface of our own design to investigate how users react to these new indicators. Our study included eye tracking data which provided empirical evidence with respect to which parts of the browser interface users tended to look at during the study and which areas went unnoticed. Our results show that, while the new interface features in the unmodified Firefox browser went unnoticed by all users in our study, the modified design was noticed by over half of the participants, and most users show a willingness to adopt these features once made aware of their functionality.

Robert Biddle | Paul C. van Oorschot | Andrew S. Patrick | Jennifer Sobey

[1] Sean W. Smith,et al. Trusted paths for browsers , 2002, TSEC.

[2] J. Doug Tygar,et al. Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 , 1999, USENIX Security Symposium.

[3] Tal Garfinkel,et al. Reducing shoulder-surfing by using gaze-based password entry , 2007, SOUPS '07.

[4] J. Doug Tygar,et al. The battle against phishing: Dynamic Security Skins , 2005, SOUPS '05.

[5] Dan S. Wallach,et al. Web Spoofing: An Internet Con Game , 1997 .

[6] Marti A. Hearst,et al. Why phishing works , 2006, CHI.

[7] Lorrie Faith Cranor,et al. Decision strategies and susceptibility to phishing , 2006, SOUPS '06.

[8] Sean W. Smith,et al. Web Spoofing Revisited: SSL and Beyond , 2002 .

[9] Desney S. Tan,et al. An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks , 2007, Financial Cryptography.

[10] Stuart E. Schechter,et al. The Emperor's New Security Indicators , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[11] Kori Inkpen Quinn,et al. Gathering evidence: use of visual security cues in web browsers , 2005, Graphics Interface.