Kolb, Nina ; Bartsch, Steffen ; Volkamer, Melanie ; Vogt, Joachim (2014)
Capturing Attention for Warnings about Insecure Password Fields - Systematic Development of a Passive Security Intervention.
Heraklion, Greece
doi: 10.1007/978-3-319-07620-1_16
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Eavesdropping on passwords sent over insecure connections still poses a significant threat to Web users. Current measures to warn about insecure connections in browsers are often overlooked or ignored. In this paper, we systematically design more effective security interventions to indicate insecure connections in combination with password requests. We focus on catching the attention of the user with the proposed security interventions. We comparatively evaluate the three developed interventions using eye-tracking and report how effective these options are in the context of three different website designs. We find that one of the options – red background of the password field – captures significantly more attention than the others, but is less linked to the underlying problem than the yellow warning triangle option. Thus, we recommend a combination of the two options.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2014 |
| Autor(en): | Kolb, Nina ; Bartsch, Steffen ; Volkamer, Melanie ; Vogt, Joachim |
| Art des Eintrags: | Bibliographie |
| Titel: | Capturing Attention for Warnings about Insecure Password Fields - Systematic Development of a Passive Security Intervention |
| Sprache: | Englisch |
| Publikationsjahr: | Juni 2014 |
| Verlag: | Springer, Cham |
| Buchtitel: | Human Aspects of Information Security, Privacy, and Trust. HAS 2014. Lecture Notes in Computer Science |
| Band einer Reihe: | 8533 |
| Veranstaltungsort: | Heraklion, Greece |
| DOI: | 10.1007/978-3-319-07620-1_16 |
| Zugehörige Links: | |
| Kurzbeschreibung (Abstract): | Eavesdropping on passwords sent over insecure connections still poses a significant threat to Web users. Current measures to warn about insecure connections in browsers are often overlooked or ignored. In this paper, we systematically design more effective security interventions to indicate insecure connections in combination with password requests. We focus on catching the attention of the user with the proposed security interventions. We comparatively evaluate the three developed interventions using eye-tracking and report how effective these options are in the context of three different website designs. We find that one of the options – red background of the password field – captures significantly more attention than the others, but is less linked to the underlying problem than the yellow warning triangle option. Thus, we recommend a combination of the two options. |
| Freie Schlagworte: | Security, Usability and Society;Secure Data |
| ID-Nummer: | TUD-CS-2014-0006 |
| Fachbereich(e)/-gebiet(e): | LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt 20 Fachbereich Informatik > SECUSO - Security, Usability and Society Profilbereiche > Cybersicherheit (CYSEC) LOEWE > LOEWE-Zentren 20 Fachbereich Informatik Profilbereiche LOEWE |
| Hinterlegungsdatum: | 28 Jul 2016 18:35 |
| Letzte Änderung: | 30 Mai 2018 12:53 |
| PPN: | |
| Zugehörige Links: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum