Article

The Emperor's New Security Indicators

Authors:

Stuart E. Schechter,

Rachna Dhamija,

Andy Ozment,

Ian FischerAuthors Info & Claims

SP '07: Proceedings of the 2007 IEEE Symposium on Security and Privacy

Pages 51 - 65

https://doi.org/10.1109/SP.2007.35

Published: 20 May 2007 Publication History

Publisher Site

Abstract

We evaluate website authentication measures that are designed to protect users from man-in-the-middle, "phishing', and other site forgery attacks. We asked 67 bank customers to conduct common online banking tasks. Each time they logged in, we presented increasingly alarming clues that their connection was insecure. First, we removed HTTPS indicators. Next, we removed the participant's site-authentication image-the customer-selected image that many websites now expect their users to verify before entering their passwords. Finally, we replaced the bank's password-entry page with a warning page. After each clue, we determined whether participants entered their passwords or withheld them. We also investigate how a study's design affects participant behavior: we asked some participants to play a role and others to use their own accounts and passwords. We also presented some participants with security-focused instructions. We confirm prior findings that users ignore HTTPS indicators: no participants withheld their passwords when these indicators were removed. We present the first empirical investigation of site-authentication images, and we find them to be ineffective: even when we removed them, 23 of the 25 (92%) participants who used their own accounts entered their passwords. We also contribute the first empirical evidence that role playing affects participants' security behavior: role-playing participants behaved significantly less securely than those using their own passwords.

Cited By

View all

Berens BSchaub FMossano MVolkamer M(2024)Better Together: The Interplay Between a Phishing Awareness Video and a Link-centric Phishing Support ToolProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642843(1-60)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642843
Windl MScheidle AGeorge CMayer SKelley PKapadia A(2023)Investigating security indicators for hyperlinking within the metaverseProceedings of the Nineteenth USENIX Conference on Usable Privacy and Security10.5555/3632186.3632219(605-620)Online publication date: 7-Aug-2023
https://dl.acm.org/doi/10.5555/3632186.3632219
Zheng SBecker IKelley PKapadia A(2023)Checking, nudging or scoring? evaluating e-mail user security tools76Proceedings of the Nineteenth USENIX Conference on Usable Privacy and Security10.5555/3632186.3632190(57-76)Online publication date: 7-Aug-2023
https://dl.acm.org/doi/10.5555/3632186.3632190
Show More Cited By

Index Terms

The Emperor's New Security Indicators

Recommendations

The emperor's new password manager: security analysis of web-based password managers
SEC'14: Proceedings of the 23rd USENIX conference on Security Symposium

We conduct a security analysis of five popular web-based password managers. Unlike "local" password managers, web-based password managers run in the browser. We identify four key security concerns for web-based password managers and, for each, identify ...
Investigating security indicators for hyperlinking within the metaverse
SOUPS '23: Proceedings of the Nineteenth USENIX Conference on Usable Privacy and Security

Security indicators, such as the padlock icon indicating SSL encryption in browsers, are established mechanisms to convey secure connections. Currently, such indicators mainly exist for browsers and mobile environments. With the rise of the metaverse, we ...
Indicators of wellbeing in recreational video game players
OzCHI '15: Proceedings of the Annual Meeting of the Australian Special Interest Group for Computer Human Interaction

Video game play is a popular entertainment choice, yet we have a limited understanding of the potential wellbeing benefits associated with recreational play. An online survey (final sample, n = 297) addresses this by investigating how the player ...

Comments

Information & Contributors

Information

Published In

SP '07: Proceedings of the 2007 IEEE Symposium on Security and Privacy

May 2007

362 pages

ISBN:0769528481

Publisher

IEEE Computer Society

United States

Publication History

Published: 20 May 2007

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

154
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 19 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Berens BSchaub FMossano MVolkamer M(2024)Better Together: The Interplay Between a Phishing Awareness Video and a Link-centric Phishing Support ToolProceedings of the 2024 CHI Conference on Human Factors in Computing Systems10.1145/3613904.3642843(1-60)Online publication date: 11-May-2024
https://dl.acm.org/doi/10.1145/3613904.3642843
Windl MScheidle AGeorge CMayer SKelley PKapadia A(2023)Investigating security indicators for hyperlinking within the metaverseProceedings of the Nineteenth USENIX Conference on Usable Privacy and Security10.5555/3632186.3632219(605-620)Online publication date: 7-Aug-2023
https://dl.acm.org/doi/10.5555/3632186.3632219
Zheng SBecker IKelley PKapadia A(2023)Checking, nudging or scoring? evaluating e-mail user security tools76Proceedings of the Nineteenth USENIX Conference on Usable Privacy and Security10.5555/3632186.3632190(57-76)Online publication date: 7-Aug-2023
https://dl.acm.org/doi/10.5555/3632186.3632190
Stegman JTrottier PHillier CKhan HMannan MCalandrino JTroncoso C(2023)"My privacy for their security"Proceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620438(3583-3600)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620438
Vardhan RChandrawal AChinprutthiwong PZhang YGu G(2023)#DM-Me: Susceptibility to Direct Messaging-Based ScamsProceedings of the 2023 ACM Asia Conference on Computer and Communications Security10.1145/3579856.3582815(494-508)Online publication date: 10-Jul-2023
https://dl.acm.org/doi/10.1145/3579856.3582815
Francis EMonroe ASidnam-Mauch EIvancsics BWashington EMcGregor SBonneau JCaine K(2023)Transparency, Trust, and Security Needs for the Design of Digital News Authentication ToolsProceedings of the ACM on Human-Computer Interaction10.1145/35795347:CSCW1(1-44)Online publication date: 16-Apr-2023
https://dl.acm.org/doi/10.1145/3579534
Stojmenović MSpero EStojmenović MBiddle R(2022)What is Beautiful is SecureACM Transactions on Privacy and Security10.1145/353304725:4(1-30)Online publication date: 9-Jul-2022
https://dl.acm.org/doi/10.1145/3533047
Wang JShi JWen XXu LZhao KTao FZhao WQian X(2022)The effect of signal icon and persuasion strategy on warning design in online fraudComputers and Security10.1016/j.cose.2022.102839121:COnline publication date: 1-Oct-2022
https://dl.acm.org/doi/10.1016/j.cose.2022.102839
Franz AZimmermann VAlbrecht GHartwig KReuter CBenlian AVogt JChiasson S(2021)SoKProceedings of the Seventeenth USENIX Conference on Usable Privacy and Security10.5555/3563572.3563590(339-357)Online publication date: 9-Aug-2021
https://dl.acm.org/doi/10.5555/3563572.3563590
Zhang ZZhang ZYuan HBarbosa NDas SWang YChiasson S(2021)WebAllyProceedings of the Seventeenth USENIX Conference on Usable Privacy and Security10.5555/3563572.3563587(281-297)Online publication date: 9-Aug-2021
https://dl.acm.org/doi/10.5555/3563572.3563587
Show More Cited By

Abstract

Cited By

Index Terms

Recommendations

The emperor's new password manager: security analysis of web-based password managers

Investigating security indicators for hyperlinking within the metaverse

Indicators of wellbeing in recreational video game players

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations