Google reset SSL warning to be implanted in new Chrome browser

Google Browser for all unsafe URL access will be risk warning, but many users do not understand browser-based SSL warning, not to mention the access operation by warning. Google wants to change the status quo, spending years in interdisciplinary research on human responses to warning signals, and has developed its latest browser SSL warning.

surveys show that SSL the effectiveness of warnings is almost unrelated to security. In fact, theneed for anSSL warning to be simple and easy to read is increasingly confirmed - - both in terms of understanding and in terms of the design of the options, as well as a clear guide to the operation. In other words,SSL warnings need to be simplified.

A joint study by the University of Pennsylvania and Google points out that many sites rely onSSLcertificates help ensure that their online communications are confidential. SSLcertificates protect their e-mail, Twitter, and bank statements from eavesdropping or tampering during transmission[wosignCAlaunched afree of chargeSSLCertificateFor you to encrypt the website data]. The study combined the previous attempt to create a perfect combination of three cognitive classificationsSSLwarning of the results of the study. These three cognitive classifications are the user's perception of the threat source, the threat data, and the probability of false positives, respectively. The new study shows that even with the best practices established in the previous study, there is no change in the user's compliance with the warnings. By studying Google has noticed an effectiveSSLand integrates it into the latest version of theChromethe browser.

So far, most ssl " Span style= "font-family: Song body; COLOR: #666666 "> warning looks like security experts are looking at the security experts. For layman users, chrome36 and ie11 ssl warning almost meaningless:

• " ... The certificate provided by the server is issued by an entity that is not trusted by your operating system. "

• " The security certificate provided by this Web site is not issued by a trusted certification authority. "

Firefox has a slightly better warning than Google or Microsoft. Google believes this is because mozilla has been removed from version ssl " Span style= "font-family: Song body; COLOR: #666666 "> technical terminology in the warning.

Ideally, Google said, an effective ssl Browser warnings should enable users to make informed decisions, at the very least, to steer users away from potentially dangerous sites and back to a safe state. Google says there are about 66% chrome user ignores ssl warning. Ultimately, Google decided to develop a warning that users could easily understand and be willing to follow. In Google's own words, it should increase the level of warning comprehension and compliance.

Google believes that " Stubborn Design " concepts, or the use of visual pattern cues to promote the selected rate of suggested behavior, are the best way to improve the warning comprehension rate and compliance.

Therefore, the latest versionChromethe warnings in the browser will simply be displayed in red on a gray background ."your connection is not private", there will be a big engraved on the next' X 'the red lock pattern;Instead of continuing to stun the user's head with a bunch of complex and difficult security terms as before. Of course, under the main warning, Google will also attach a brief explanation, such as:"An attacker may be trying to steal your information from certain websites(such as: password, message, or credit card). "If you visit a link that is legallyCAinstitutions (such aswosignCA) issued bySSLWhen the certificate is encrypted, the browser displays a green security lock reminder link that is secure and can be accessed with confidence.

In addition to the warning, the user is encouraged to click on the large blue button, which will enable the user to " Return to security " . As long as the user is willing, you can also click on the less visible " advanced " link to see a more technical detail of the problem description, then follow another link ignoring the warning and continue to visit the site. The second step of this choice and the trouble it brings, Google said, also scared back the 2%~15% user.

Google says, " compliance with warnings from 37% rise to 62% , which means that millions of new users per month have chosen to operate safely due to our warning design changes. "

Google has taken similar measures against browser-based malware warnings last year. A study using psychology to build better browser warnings was followed by a new malware warning in its Chrome browser based on research results .

Google reset SSL warning to be implanted in new Chrome browser