- From: Mike Beltzner <beltzner@mozilla.com>
- Date: Mon, 27 Nov 2006 15:01:36 -0500
- To: "Hallam-Baker, Phillip" <pbaker@verisign.com>
- Cc: "Amir Herzberg" <herzbea@macs.biu.ac.il>, "Michael(tm) Smith" <mikes@opera.com>, <public-wsc-wg@w3.org>
On 27-Nov-06, at 9:47 AM, Hallam-Baker, Phillip wrote:
>> Users care about security, and will more and more, thanks to
>> the phishers... but this does not mean, they have to
>> understand security mechanisms or indicators. As long as the
>> indicators and their use are simple and non-obtrusive, users
>> will use them.
>
> Any security indicator has to answer the question that the user is
> already asking.
>
> Does the user ask 'is this safe?' or do they ask 'is this Bizybank?' ?
Frankly, I don't think the user asks either of these questions. I
think the user first visits a website assuming that they are being
taken to the destination advertised by whatever link took them there
(ie: "Click [here] to go to Bizybank", or "Update [your profile at
Bizybank]!") The text of the link creates an expectation ("I'm going
to go to Bizybank!") and as long as the destination site minimally
confirms this expectation ("Welcome to Bizybank!") then the user
won't have any reason to be suspicious or ask any sort of question.
In fact, the next question they're most likely to ask is:
"Where do I go to update my profile?"
cheers,
mike
Received on Monday, 27 November 2006 20:02:20 UTC