Yue Huang ; Borke Obada-Obieh ; Konstantin Beznosov

17 June 2022

Abstract: This paper reports the challenges that users experienced and their concerns regarding the Chrome compromised credentials notification. We adopted a two-step approach to uncover the issues of the notification, including qualitatively analyzing users' online comments and conducting semi-structured interviews with participants who had received the notification. We found that users’ issues with the notification are associated with five core aspects of the notification: the authenticity of the notification, data breach incidents, Google's knowledge of users' compromised credentials, multiple accounts being associated with one notification, and actions recommended by the notification. We also identified the detailed challenges and concerns users had regarding each aspect of the notification. Based on the results, we offer suggestions to improve the design of browser-based compromised credential notifications to support users in better protecting their online accounts.

Keyword(s): Chrome's compromised credential notification ; Security and privacy concerns ; Risk mitigation strategies

Published in: Yue Huang, Borke Obada-Obieh, and Konstantin Beznosov, Users' Perceptions of Chrome’s Compromised Credential Notification, In Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022):