Andreas Sotirakopoulos ; Kirstie Hawkey ; Konstantin Beznosov

28 June 2010

Abstract: We recently replicated and extended a 2009 study that investigated the effectiveness of SSL warnings. The original study was conducted at CMU by Sunshine et al. [2], and we will refer to it as the CMU study. As in the CMU study, we required participants to perform a series of tasks; and we observed their reactions to SSL warnings that were presented to them. After they completed the tasks, we asked them to complete an online questionnaire where we asked about their reasoning behind their actions during the study’s tasks. We designed our experiment in such a way so as to mitigate some of the limitations of the prior work, including allowing participants to use their web browser of choice and recruiting a more representative user population. Our research is a work in progress, thus data collection and analysis are still underway. However, our preliminary analysis indicates interesting findings and differences with the findings of the CMU study. We have observed an impact of components we introduced in the study (i.e., broader population and usage of the browser of participant’s choice) on the results. We plan to have completed data collection and analysis by the time the poster session will be held.


Published in: A. Sotirakopoulos, K. Hawkey, and K. Beznosov. Poster: Validating and extending a study on the effectiveness of ssl warnings. Poster at Symposium on Usable Privacy and Security, 2010.: