Google improves security warnings design
Users have come to ignore Secure Sockets Layer (SSL) warnings. This insecure behavior prompted Google researchers to work on an alert design that makes end users more careful about visiting insecure sites.
Secure Sockets Layer protects end users' online sessions in many fields, from business to personal correspondence, by encrypting their connection and securing their sensitive data. When an end user accesses an insecure website, the web browser displays an SSL security warning. The warning may indicate a failed server authentication, a site with weak encryption or even a malicious attack.
Which alert is the best one?
A good SSL alert must:
- supply understandable instructions,
- contain simple text,
- be brief,
- have a simple design,
- transmit a comprehensive message.
Google focused on three major comprehension points:
- Visitors' comprehension of the warning's source;
- The sensitive data that could be put at risk;
- The likelihood that visitors perceive the warning as a false positive.
The result of the working team's years of research is an alert design that is simple and visually easy for end users to understand, and that is the best choice for their security.
The text is shorter and less technical, so that users read the warning message to the end, and an "Advanced" button was added below it. This button gives a more technical explanation of the problem.
The improved warning message is meant to guide end users to a quick and intelligent decision: do not go forward to a potentially dangerous, malicious site, but go back to safety.
Nevertheless, site visitors may ignore Google's security warnings, leave the browser, ignore other SSL security warnings and visit the website anyway.
As a result of Google's implementation of the new warning, end users' security behavior seems to have improved.
However, there is still a lot of work to do in this field. First and foremost, end users have to educate themselves on SSL website security.