Capturing Attention for Warnings about Insecure Password Fields – Systematic Development of a Passive Security Intervention
Abstract
Eavesdropping on passwords sent over insecure connections still poses a significant threat to Web users. Current measures to warn about insecure connections in browsers are often overlooked or ignored. In this paper, we systematically design more effective security interventions to indicate insecure connections in combination with password requests. We focus on catching the attention of the user with the proposed security interventions. We comparatively evaluate the three developed interventions using eye-tracking and report how effective these options are in the context of three different website designs. We find that one of the options – red background of the password field – captures significantly more attention than the others, but is less linked to the underlying problem than the yellow warning triangle option. Thus, we recommend a combination of the two options.
Keywords
security warnings, security interventions, morphological approach, attention