Capturing Attention for Warnings about Insecure Password Fields – Systematic Development of a Passive Security Intervention

  • Nina Kolb
  • Steffen Bartsch
  • Melanie Volkamer
  • Joachim Vogt
Conference paper

DOI: 10.1007/978-3-319-07620-1_16

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8533)
Cite this paper as:
Kolb N., Bartsch S., Volkamer M., Vogt J. (2014) Capturing Attention for Warnings about Insecure Password Fields – Systematic Development of a Passive Security Intervention. In: Tryfonas T., Askoxylakis I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2014. Lecture Notes in Computer Science, vol 8533. Springer, Cham

Abstract

Eavesdropping on passwords sent over insecure connections still poses a significant threat to Web users. Current measures to warn about insecure connections in browsers are often overlooked or ignored. In this paper, we systematically design more effective security interventions to indicate insecure connections in combination with password requests. We focus on catching the attention of the user with the proposed security interventions. We comparatively evaluate the three developed interventions using eye-tracking and report how effective these options are in the context of three different website designs. We find that one of the options – red background of the password field – captures significantly more attention than the others, but is less linked to the underlying problem than the yellow warning triangle option. Thus, we recommend a combination of the two options.

Keywords

security warnings security interventions morphological approach attention 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Nina Kolb
    • 1
  • Steffen Bartsch
    • 1
  • Melanie Volkamer
    • 1
  • Joachim Vogt
    • 1
  1. 1.TU DarmstadtGermany

Personalised recommendations