CFA/Security-Research/WarningMessages

From MozillaWiki

Current Capabilities

  • Show a warning dialog when
    • I am about to view an encrypted page
    • I am about to view a page that uses low-grade encryption
    • I leave an encrypted page for one that isn't encrypted
    • I submit information that's not encrypted
    • I'm about to view an encrypted page that contains some unencrypted information
      • Lock icon is crossed out, and address bar turns red

Upcoming Capabilities

Features by 3rd parties or other browsers

  • Fix my settings - instantly reset Internet security settings to the "medium-high" default by clicking an option in the Information Bar. The browser warns the user with the Information Bar when the current security settings may put them at risk, and the bar continues to remind the user as long as the settings remain unsafe. The Internet Control Panel highlights critical items in red when they are unsafely configured. (IE7)
  • Show a warning dialog when sending form data by email (iCab)

Additional features

  • Secure Defaults/No Security Pop-ups - remove security pop-ups because users are trained to click on the default button to complete their task. Use secure defaults instead, and only provide notifications at the top of the browser (FF brainstorm)
  • Bookmarklets - warn users when they attempt to bookmark JavaScript code (FF brainstorm)

Screenshots

Conclusions

  • Users have been trained to close warning messages as soon as they see them (whack-a-mole), so a less obtrusive warning message at the top of the browser, in place of a pop-up, would be more delightful to users.