Problems with the current user interface

I think our first public Note should also specifically call out the
problems we see with the current display of security context
information. I think this will help us understand the problem we are
trying to solve and encourage us to pull expertise from the many
phishing studies that have been done.

I have started a list at:

http://www.w3.org/2006/WSC/wiki/NoteProblemsWithCurrentUserInterface

The initial text of the wiki page is:

This section lists problems with the display of security context
information in current web browsers. Entries in this section should be
culled for user interface studies, and so be accompanied by citations.

Problems with current user interface

    * No chrome area versus page area distinction in user's mind
    * Users ignore the chrome area
    * The chrome area is spoofable
    * Passwords are reused across distinct web sites
    * Domain names are incorrectly read, or interpreted, by users
    * Users assume that a http: URL reliably connects to the indicated
      domain name
    * Certificate Authorities, or certificates, can be readily
      substituted

Tyler

Received on Friday, 8 December 2006 23:10:29 UTC