Reinforcing bad behaviour : the misuse of security indicators on popular websites


Author(s): Stebila, Douglas
Date(s)

2010

Abstract

Before making a security or privacy decision, Internet users should evaluate several security indicators in their browser, such as the use of HTTPS (indicated via the lock icon), the domain name of the site, and information from extended validation certificates. However, studies have shown that human subjects infrequently employ these indicators, relying on other indicators that can be spoofed and convey no cryptographic assurances. We identify four simple security indicators that accurately represent security properties of the connection and then examine 125 popular websites to determine if the sites' designs result in correctly displayed security indicators during login. In the vast majority of cases, at least some security indicators are absent or suboptimal. This suggests users are becoming habituated to ignoring recommended security indicators.

Format

application/pdf

Identifier

http://eprints.qut.edu.au/38650/

Publisher

ACM

Relation

http://eprints.qut.edu.au/38650/1/c38650.pdf

http://www.ozchi.org/

Stebila, Douglas (2010) Reinforcing bad behaviour : the misuse of security indicators on popular websites. In Proceedings of the 22nd Australasian Conference on Computer-Human Interaction (OZCHI 2010), ACM, Queensland University of Technology, Brisbane, pp. 248-251.

Rights

Copyright 2010 the author(s) and CHISIG

Source

Computer Science; Faculty of Science and Technology; Information Security Institute

Keywords

#080402 Data Encryption #080602 Computer-Human Interaction #100503 Computer Communications Networks #user education #security indicators #web browsers #HTTPS

Type

Conference Paper