Improving SSL Warnings: Comprehension and Adherence
Venue
Proceedings of the Conference on Human Factors and Computing Systems, ACM (2015)
Publication Year
2015
Authors
Adrienne Porter Felt, Alex Ainslie, Robert W. Reeder, Sunny Consolvo, Somas Thyagaraja, Alan Bettes, Helen Harris, Jeff Grimes
Abstract
Browsers warn users when the privacy of an SSL/TLS connection might be at risk. An
ideal SSL warning would empower users to make informed decisions and, failing that,
guide confused users to safety. Unfortunately, users struggle to understand and
often disregard real SSL warnings. We report on the task of designing a new SSL
warning, with the goal of improving comprehension and adherence. We designed a new
SSL warning based on recommendations from warning literature and tested our
proposal with microsurveys and a field experiment. We ultimately failed at our goal
of a well-understood warning. However, nearly 30% more total users chose to remain
safe after seeing our warning. We attribute this success to opinionated design,
which promotes safety with visual cues. Subsequently, our proposal was released as
the new Google Chrome SSL warning. We raise questions about warning comprehension
advice and recommend that other warning designers use opinionated design.
