Online security involves user decision-making, so it is important to support users in this process. One important decision users face involves website identity, in order to avoid fraudulent sites. Sophisticated fraudulent sites avoid detection by using familiar names and replicated appearance, and they are active too briefly for safe browsing services to be effective. In these circumstances, website certificate identity information can help users detect fraudulent cites. In this paper we report on two studies to assess how well users are supported in this process by the Google Chrome browser. We first worked with usability evaluators and then conducted a study with real users. 70% of participants chose a fraudulent website before a 5min tutorial. After it, 100% correctly identified the proper website. With a little support, users were able to understand and apply certificate information. We suggest that a little better design, and some brief education, would benefit users.

Additional Metadata
Keywords developing mental models, online web certificates, Security, user understanding
Persistent URL dx.doi.org/10.1109/PST.2018.8514166
Conference 16th Annual Conference on Privacy, Security and Trust, PST 2018
Citation
Stojmenović, M. (Milica), & Biddle, R. (2018). Hide-and-Seek with Website Identity Information. In 2018 16th Annual Conference on Privacy, Security and Trust, PST 2018. doi:10.1109/PST.2018.8514166