TU Darmstadt / ULB / TUbiblio

Capturing Attention for Warnings about Insecure Password Fields - Systematic Development of a Passive Security Intervention

Kolb, Nina and Bartsch, Steffen and Volkamer, Melanie and Vogt, Joachim (2014):
Capturing Attention for Warnings about Insecure Password Fields - Systematic Development of a Passive Security Intervention.
In: Human Aspects of Information Security, Privacy, and Trust. HAS 2014. Lecture Notes in Computer Science, Springer, Cham, Heraklion, Greece, 8533, ISBN 978-3-319-07620-1,
DOI: 10.1007/978-3-319-07620-1_16,
[Conference or Workshop Item]

Abstract

Eavesdropping on passwords sent over insecure connections still poses a significant threat to Web users. Current measures to warn about insecure connections in browsers are often overlooked or ignored. In this paper, we systematically design more effective security interventions to indicate insecure connections in combination with password requests. We focus on catching the attention of the user with the proposed security interventions. We comparatively evaluate the three developed interventions using eye-tracking and report how effective these options are in the context of three different website designs. We find that one of the options – red background of the password field – captures significantly more attention than the others, but is less linked to the underlying problem than the yellow warning triangle option. Thus, we recommend a combination of the two options.

Item Type: Conference or Workshop Item
Erschienen: 2014
Creators: Kolb, Nina and Bartsch, Steffen and Volkamer, Melanie and Vogt, Joachim
Title: Capturing Attention for Warnings about Insecure Password Fields - Systematic Development of a Passive Security Intervention
Language: English
Abstract:

Eavesdropping on passwords sent over insecure connections still poses a significant threat to Web users. Current measures to warn about insecure connections in browsers are often overlooked or ignored. In this paper, we systematically design more effective security interventions to indicate insecure connections in combination with password requests. We focus on catching the attention of the user with the proposed security interventions. We comparatively evaluate the three developed interventions using eye-tracking and report how effective these options are in the context of three different website designs. We find that one of the options – red background of the password field – captures significantly more attention than the others, but is less linked to the underlying problem than the yellow warning triangle option. Thus, we recommend a combination of the two options.

Title of Book: Human Aspects of Information Security, Privacy, and Trust. HAS 2014. Lecture Notes in Computer Science
Volume: 8533
Publisher: Springer, Cham
ISBN: 978-3-319-07620-1
Uncontrolled Keywords: Security, Usability and Society;Secure Data
Divisions: LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > SECUSO - Security, Usability and Society
Profile Areas > Cybersecurity (CYSEC)
LOEWE > LOEWE-Zentren
20 Department of Computer Science
Profile Areas
LOEWE
Event Location: Heraklion, Greece
Date Deposited: 28 Jul 2016 18:35
DOI: 10.1007/978-3-319-07620-1_16
Identification Number: TUD-CS-2014-0006
Related URLs:
Export:
Suche nach Titel in: TUfind oder in Google

Optionen (nur für Redakteure)

View Item View Item