Using data type based security alert dialogs to raise online security awareness

Max-Emanuel Maurer, Alexander De Luca, Sylvia Kempe
2011 Proceedings of the Seventh Symposium on Usable Privacy and Security - SOUPS '11  
When browsing the Internet, users are likely to be exposed to security and privacy threats, like fraudulent websites. Automatic browser mechanisms can protect them only to some extent. In other situations it is still important to raise the users' security awareness at the right moment. Passive indicators are mostly overlooked and blocking warnings are quickly dismissed by habituated users. In this work, we present a new concept of warnings that appear in-context, right next to data the user has just entered. Those dialogs are displayed whenever critical data types (e.g. credit card data) are entered by the users into online forms. Since they do not immediately interrupt the users' interaction but appear right in the users' focus, it is possible to place important security information in a way that it can be easily seen. We implemented the concept as a Firefox plugin and evaluated it in a row of studies including two lab studies, one focus group and one real world study. Results show that the concept is very well accepted by the users and that with the plugin, especially non-expert participants were more likely to identify fraudulent (or phishing) websites than using the standard browser warnings. Besides this, we were able to gather interesting findings on warning usage.
doi:10.1145/2078827.2078830 dblp:conf/soups/MaurerLK11 fatcat:q7zl5w5grrevpn5ma3fu45cv3e