Google improves security warnings design

Google improves security warnings design

Users become to ignore the Secure Sockets Layer’s warnings. This unsecure behavior challenged Google researchers to work on the alerts’ design that will make end-users to be more careful to visit unsecure sites.

Secure Sockets Layer protects end users’ online working sessions in different fields, from business level to personal correspondence, encrypting their connection and securing their sensitive data. When an end-user accesses an unsecure web site, the web browsers display SSL security warning.  It may be a warning of a server-failed authentication, a site with a weak encryption or even a malicious attack.

Which alert is the best one?

A good SSL alert

  1. must supply understandable instructions,
  2. contain simply text
  3. be brief
  4. contain a simply design
  5. transmit a comprehensive message

Google focused on three major comprehension points:

  1. Visitors’ comprehension of the warning source;
  2. Sensitive data that could be put to the risk;
  3. The probability of perception of a false positive warning.

The result of the working team’s years of research is an alert’s design that is simple and visually easy to understand by the end-users, that is the best choice for their security.

The text is shorter and less technical, in order to read until the end of the warning message and an “Advanced” button was added bellow. This button shall give a more technical explanation of the issued problem.

This improved warning message shall guide end-users to make an intelligent and quick decision, which is do not go forward to a potentially dangerous malicious site, but go back to safety.

Nevertheless, site visitors may ignore Google security warnings, leave the browser and ignore other SSL security warnings, visiting the website anyway.

In the result of Google implementation of the new warning alert, it seems to be an improved end users’ security behavior.

However, there is a lot of work to do in this field. First and foremost, end-users have to educate themselves on SSL web-sites security provision.