I don't trust the results of lab usability studies. One of the big problems is that a subject comes into a lab expecting to see stuff that is flaky. So they are primed to ignore warnings.

Another side of this is that usability methodology has been developed to sell stuff. That is why the priority for Apple was to get the user comfortable in 15 mins. That is a typical length for a sales pitch. The whole usability world has evolved around the first impression of the user and not the long term response.

But the academics are really happy with a paradigm that allows them to get papers published on the basis of cheap, easy to run studies.

I agree that a security signal needs to be much more than a different address bar color. I would take over the whole browser window for a transitional.

On Thu, Feb 16, 2012 at 4:29 PM, Paul Lambert <[email protected]> wrote:
>
>>I'd also like to go on the record that I think a visual indicator to
>>the user that shows a cert is valid only under local policy is a
>>fantastic idea and I support it wholeheartedly. Of course UI is hard,
>>especially with this opaque a topic to an average user, but I still
>>think giving it a shot is a good idea.
>
> A similar usage of colors - with poor results:
> http://www.usablesecurity.org/papers/jackson.pdf
>
> Is local policy more or less secure to the user? I'd say more ...

--
Website: http://hallambaker.com/
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
