End-User Understanding of Web Certificates - Year two
Users must decide which websites to trust and which to avoid. How can users know if a website is truly what it claims to be? This is a pivotal issue. When attackers can convince users to trust their sites, though phishing or other strategies, user security and privacy are easily compromised, malware can be downloaded, and infrastructure undermined.
Our plan is to conduct user studies to explore the understanding of browser-presented certificate information. We will conduct both qualitative studies, to explore understanding through observation and interviews, and larger quantitative studies, to statistically assess hypotheses. The partner would benefit from this work because they are concerned that users are currently not aware of the available certifications and need insight as to why this is.