Shining Chrome: Using Web Browser Personas to Enhance SSL Certificate Visualization

  • Max-Emanuel Maurer
  • Alexander De Luca
  • Tobias Stockinger
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6949)


Average users lack the technical expertise to understand SSL certificates and security is not their primary goal. Thus, it is very hard to create a notable impact on user behavior using SSL-status indicators. However, with the introduction of web browser Personas (simple skins) as a possibility to change the browser’s chrome, it becomes possible to provide a large status indicator without wasting screen real estate. In this work, we present an evaluation of Personas to represent the current SSL status combined with newly designed SSL warning messages, both in the lab and in the field. Results suggest that the concepts positively influenced security awareness.


SSL certificates Security Awareness Security 


  1. 1.
    Amer, T.S., Maris, J.B.: Signal words and signal icons in application control and information technology. Journal of Information Systems 21 (2006)Google Scholar
  2. 2.
    Biddle, R., van Oorschot, P.C., Patrick, A.S., Sobey, J., Whalen, T.: Browser interfaces and extended validation SSL certificates: An empirical study. In: CCSW 2009. ACM, New York (2009)Google Scholar
  3. 3.
    CA/Browser Forum: Extended validation ssl certificates,
  4. 4.
    Egelman, S., Cranor, L.F., Hong, J.: You’ve been warned: an empirical study of the effectiveness of web browser phishing warnings. In: Proc. CHI 2008, pp. 1065–1074. ACM, Florence (2008)Google Scholar
  5. 5.
    Gibson, S., Laporte, L.: Security now episode 277, (visited March 27, 2011)
  6. 6.
    Grimes, J.: On the failure to detect changes in scenes across saccades. Perception 2, 89–110 (1996)Google Scholar
  7. 7.
    Lewis, J.R.: IBM computer usability satisfaction questionnaires: psychometric evaluation and instructions for use. International Journal of Human Computer Interaction 7(1), 57–78 (1995)CrossRefGoogle Scholar
  8. 8.
    Morton, B.: SSLPersonas - SSL blog - Entrust insights, (visited March 27, 2011)
  9. 9.
    Roessler, T., Saldhana, A.: Web security context: User interface guidelines (2009)Google Scholar
  10. 10.
    Whitten, A., Tygar, J.D.: Why johnny can’t encrypt: A usability evaluation of PGP 5.0. In: Proc. USENIX 1999, pp. 169–184 (1999)Google Scholar
  11. 11.
    Wu, M., Miller, R.C., Garfinkel, S.L.: Do security toolbars actually prevent phishing attacks? In: Proc. CHI 2006, pp. 601–610. ACM, New York (2006)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2011

Authors and Affiliations

  • Max-Emanuel Maurer
    • 1
  • Alexander De Luca
    • 1
  • Tobias Stockinger
    • 1
  1. 1.Media Informatics GroupUniversity of MunichMünchenGermany

Personalised recommendations