Itô is not about the design - Itô is about the content! making warnings more efficient by communicating risks appropriately
Most studies in usable security research aim at a quantification of persons, who - depending on the subject - fall for phishing, pass on their password, download malicious software and so on. In contrast, little research is done to identify the reasons for such insecure behavior. Within this paper, the result of a laboratory study is presented in which participants were confronted with different certificate warnings. Those warnings were presented when the participants tried to access different websites with different criticality (online banking, online shopping, social networks and information sites). Besides quantitative analyses of participants who were willing to use a websites despite the warning, the main focus of this work is to identify reasons for their decision. As a result of our study those risks are identified which were unacceptable for most participants to take and thereby might help to prevent unsecure usage behavior in the web by rewording warnings according to the perceived risks.
Full Text: PDF