Exploring Website Location as a Security Indicator
Der-Yeuan Yu, Elizabeth Stobert, David Basin, Srdjan Capkun
TL;DR
This paper investigates how website location information influences user security decisions, proposing a location-based security indicator and evaluating its impact on user behavior through qualitative and user study methods.
Contribution
It introduces a novel security indicator based on website location and assesses its effectiveness in influencing user decision-making.
Findings
Users are less likely to perform security-sensitive tasks when alerted to location changes.
Website location can serve as an effective security indicator.
Users accept location information as part of security decision-making.
Abstract
Authenticating websites is an ongoing problem for users. Recent proposals have suggested strengthening current server authentication methods by incorporating website location as a comprehensible additional trust factor. In this work, we explore users' acceptance of location information and how it affects decision-making for security and privacy. We conducted a series of qualitative interviews to learn how location can be integrated into users' decision-making for security, and we designed a security indicator to alert the user to changes in website locations. We evaluated our tool in a 44-participant user study and found that users were less likely to perform security-sensitive tasks when alerted to location changes. Our results suggest that website location can be used as an effective indicator for users' security assessments.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsPrivacy, Security, and Data Protection · User Authentication and Security Systems · Spam and Phishing Detection