Abstract
Eavesdropping on passwords sent over insecure connections still poses a significant threat to Web users. Current measures to warn about insecure connections in browsers are often overlooked or ignored. In this paper, we systematically design more effective security interventions to indicate insecure connections in combination with password requests. We focus on catching the attention of the user with the proposed security interventions. We comparatively evaluate the three developed interventions using eye-tracking and report how effective these options are in the context of three different website designs. We find that one of the options – red background of the password field – captures significantly more attention than the others, but is less linked to the underlying problem than the yellow warning triangle option. Thus, we recommend a combination of the two options.
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Kolb, N., Bartsch, S., Volkamer, M., Vogt, J. (2014). Capturing Attention for Warnings about Insecure Password Fields – Systematic Development of a Passive Security Intervention. In: Tryfonas, T., Askoxylakis, I. (eds) Human Aspects of Information Security, Privacy, and Trust. HAS 2014. Lecture Notes in Computer Science, vol 8533. Springer, Cham. https://doi.org/10.1007/978-3-319-07620-1_16
DOI: https://doi.org/10.1007/978-3-319-07620-1_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07619-5
Online ISBN: 978-3-319-07620-1
eBook Packages: Computer Science, Computer Science (R0)