Browser security warning redesigned with partial success

[steven36]

How to make users understand a browser's SSL warning, and make them choose the link that will lead them away from a site that has been deemed unsafe for use?

A group of Google researchers have had the opportunity to test the recommendation from warning literature. The text should be simple, non-technical, brief, and specific, and promote a clear course of action - by creating a new SSL warning. They tested it on a limited number of users, and it was finally implemented in version 37 of Google's popular freeware browser Chrome.

Ultimately, they failed at making the warning more understandable to regular users, but have almost doubled the percentage of users who chose not to proceed to the potentially unsafe site.

Of the following three SSL warnings, the first (the Chrome 37 warning) was heeded by 30.9 percent of users, the second (a failed new design) by 32.1 percent, and the last (the successful redesign) by 58.3 percent of the users :

"Adherence in the field subsequently increased from 37% to 62%, meaning that millions of additional users a month choose to act safely due to our warning design changes," they noted, and attributed their success to opinionated design - the use of visual design cues to promote a recommended course of action and demote the unsafe choice - and not to a change in the text.

Source