Capturing Attention for Warnings about Insecure Password Fields – Systematic Development of a Passive Security Intervention

  • Nina Kolb
  • Steffen Bartsch
  • Melanie Volkamer
  • Joachim Vogt
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8533)

Abstract

Eavesdropping on passwords sent over insecure connections still poses a significant threat to Web users. Current measures to warn about insecure connections in browsers are often overlooked or ignored. In this paper, we systematically design more effective security interventions to indicate insecure connections in combination with password requests. We focus on catching the attention of the user with the proposed security interventions. We comparatively evaluate the three developed interventions using eye-tracking and report how effective these options are in the context of three different website designs. We find that one of the options – red background of the password field – captures significantly more attention than the others, but is less linked to the underlying problem than the yellow warning triangle option. Thus, we recommend a combination of the two options.

Keywords

security warnings, security interventions, morphological approach, attention


Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Nina Kolb (1)
  • Steffen Bartsch (1)
  • Melanie Volkamer (1)
  • Joachim Vogt (1)
  1. TU Darmstadt, Germany
