Web browsers allow users to access aspects of the Internet via the World Wide Web. Nearly all types of transactions can occur online today: banking, shopping, education, communication, etc. Web browsers facilitate the completion of these transactions, but they also provide a means of keeping one's personal information private. When users attempt to send information through the World Wide Web for some operation, the web browser displays a security warning informing the user that they may be doing something unsafe. These displays, however, are often unhelpful, vague or inappropriate. Thus, users become frustrated and quickly learn to ignore or remove these warnings. By evaluating various interface designs, it should be possible to determine what design methods are effective for security applications in web browsers.
This project serves to develop methods of security interface design that will capture the user's attention without interfering too heavily in their work. To accomplish this, I plan on constructing an application that generates security messages of different designs and determines their usefulness. Users will be confronted with displays of a different color, size or shape, depending upon the severity of the security problem that arises due to the action they try to accomplish. The effectiveness of these displays will also be tracked to try to determine how long it takes before they are ignored or turned off. The results of this evaluation should serve to help create a set of design rules for web browser security interfaces. It may also be possible to apply this study to other security applications since they also suffer from the same interface issues as web browsers.
As more and more services become available on the Internet, the issue of online security gains importance. The World Wide Web, a common method for interacting with the Internet, provides mechanisms for people to take advantage of many services: accessing bank accounts, purchasing materials, conducting research, etc. Web browsers, software used to access the Web, also provide protection against security vulnerabilities online. However, current web browser security messages lack meaningful content and often display in inappropriate situations, interrupting the user unnecessarily. Thus, users learn to ignore or remove the messages, even though they may be helpful in certain situations. Web browsers utilize security policies to determine when to display security warnings, but these policies are currently too generic. Before developing stronger policies, some mechanism to regain user attention should be in place or the policies may be ineffective. This thesis project evaluated alternate designs for security warnings. The results illustrate that attracting a user’s attention in appropriate situations is difficult. Simply modifying the format or layout of a security message is not sufficient to capture the user’s attention and sustain it. Combining new warning designs with stricter policies and promotion of user education in security should help users become aware of and alert to their computing environment.