Authenticating websites is an ongoing problem for users. Recent proposals have suggested strengthening current server authentication methods by incorporating website location as a comprehensible additional trust factor. In this work, we explore users' acceptance of location information and how it affects decision-making for security and privacy. We conducted a series of qualitative interviews to learn how location can be integrated into users' decision-making for security, and we designed a security indicator to alert the user to changes in website locations. We evaluated our tool in a 44-participant user study and found that users were less likely to perform security-sensitive tasks when alerted to location changes. Our results suggest that website location can be used as an effective indicator for users' security assessments.
@article{arxiv.1610.03647,
title = {Exploring Website Location as a Security Indicator},
author = {Der-Yeuan Yu and Elizabeth Stobert and David Basin and Srdjan Capkun},
journal= {arXiv preprint arXiv:1610.03647},
year = {2018}
}
Comments
13 pages, 4 figures, 7 tables. Published at the 2018 NDSS Workshop on Usable Security (USEC)