QUT ePrints

Reinforcing bad behaviour : the misuse of security indicators on popular websites

Stebila, Douglas (2010) Reinforcing bad behaviour : the misuse of security indicators on popular websites. In Proceedings of the 22nd Australasian Conference on Computer-Human Interaction (OZCHI 2010), ACM, Queensland University of Technology, Brisbane, pp. 248-251.

Abstract

Before making a security or privacy decision, Internet users should evaluate several security indicators in their browser, such as the use of HTTPS (indicated via the lock icon), the domain name of the site, and information from extended validation certificates. However, studies have shown that human subjects infrequently employ these indicators, relying on other indicators that can be spoofed and convey no cryptographic assurances. We identify four simple security indicators that accurately represent security properties of the connection and then examine 125 popular websites to determine if the sites' designs result in correctly displayed security indicators during login. In the vast majority of cases, at least some security indicators are absent or suboptimal. This suggests users are becoming habituated to ignoring recommended security indicators.

Impact and interest:

0 citations in Scopus
Search Google Scholar™

Citation counts are sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citation counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

Full-text downloads:

267 since deposited on 19 Nov 2010
117 in the past twelve months

Full-text downloads displays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.

ID Code: 38650
Item Type: Conference Paper
Keywords: user education, security indicators, web browsers, HTTPS
ISBN: 9781450305020
Subjects: Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > DATA FORMAT (080400) > Data Encryption (080402)
Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > INFORMATION SYSTEMS (080600) > Computer-Human Interaction (080602)
Australian and New Zealand Standard Research Classification > TECHNOLOGY (100000) > COMMUNICATIONS TECHNOLOGIES (100500) > Computer Communications Networks (100503)
Divisions: Past > Schools > Computer Science
Past > QUT Faculties & Divisions > Faculty of Science and Technology
Past > Institutes > Information Security Institute
Copyright Owner: Copyright 2010 the author(s) and CHISIG
Deposited On: 19 Nov 2010 11:42
Last Modified: 01 Mar 2012 00:26
