Improving SSL Warnings

Abstract

Browsers warn users when the privacy of an SSL/TLS connection might be at risk. An ideal SSL warning would empower users to make informed decisions and, failing that, guide confused users to safety. Unfortunately, users struggle to understand and often disregard real SSL warnings. We report on the task of designing a new SSL warning, with the goal of improving comprehension and adherence. We designed a new SSL warning based on recommendations from warning literature and tested our proposal with microsurveys and a field experiment. We ultimately failed at our goal of a well-understood warning. However, nearly 30% more total users chose to remain safe after seeing our warning. We attribute this success to opinionated design, which promotes safety with visual cues. Subsequently, our proposal was released as the new Google Chrome SSL warning. We raise questions about warning comprehension advice and recommend that other warning designers use opinionated design.

References

Page 1

	Year	Citations
SMOG Grading - A New Readability Formula. G. Harry McLaughlin The Journal of Reading EngineeringMeasurementQuality MetricAir QualityDiagnosis	1969	2.1K
Why phishing works Rachna Dhamija, J. D. Tygar, Marti A. Hearst Internet SecurityEngineeringUsable SecurityInformation SecurityPhishing	2006	1.3K
You've been warned Serge Egelman, Lorrie Faith Cranor, Jason Hong EngineeringWarning SystemUsable SecurityInformation SecurityUser Awareness	2008	599
The Emperor's New Security Indicators Stuart Schechter, Rachna Dhamija, Andy Ozment, EngineeringUsable SecurityInformation SecurityWebsite Authentication MeasuresInformation Forensics	2007	402
Crying Wolf: An Empirical Study of SSL Warning Effectiveness Joshua Sunshine, Serge Egelman, Hazim Almuhimedi, Figshare ReliabilityInternet SecurityEngineeringEmpirical StudyUsable Security	2009	336
Alice in warningland: a large-scale field study of browser security warning effectiveness Devdatta Akhawe, Adrienne Porter Felt	2013	247
Designing instructional text Applied Ergonomics Instructional DesignInstructional TextWriting InstructionEducationInstructional Program	1978	231
Bridging the Gap in Computer Security Warnings: A Mental Model Approach Cristian Bravo-Lillo, Lorrie Faith Cranor, Julie S. Downs, IEEE Security & Privacy EngineeringWarning SystemUsable SecurityInformation SecurityUser Awareness	2010	219
Your attention please Cristian Bravo-Lillo, Saranga Komanduri, Lorrie Faith Cranor, EngineeringUsable SecurityInformation SecurityUser-interface ModificationsCommunication	2013	142
The Noticeability of Warnings on Alcoholic Beverage Containers Kenneth R. Laughery, Stephen L. Young, Kent P. Vaubel, Journal of Public Policy & Marketing EngineeringWarning SystemAlcoholic Beverage ContainersSafety SciencePublic Health Warning	1993	139

Page 1