A Usability Evaluation of Let's Encrypt and Certbot

Tiefenau, Christian; Zezschwitz, Emanuel von; Häring, Maximilian; Krombholz, Katharina; Smith, Matthew

doi:10.1145/3319535.3363220

Cited by 20 publications

(13 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although diverse previous experience is common [40] and thus ecologically valid, some assessment is needed: a different skill set can [3] but does not have to be [31] a great confounding factor. We agree with Tiefenau et al [44] that more work on reliably assessing IT skills is needed for reliable pre-screening or participant sample analysis.…”

Section: Participant Samplingsupporting

confidence: 87%

“…The experience stems mostly from the presented study but also incorporates the experience from a similar previous study [45]. Conclusions are compared to other similar summaries [26,31,44].…”

Section: Studies With It Professionals: Lessons Learnedmentioning

confidence: 99%

“…Such experiments therefore benefit from a detailed analysis of needed measurements before the experiments and during pilot testing. Most of them should then be measured and collected automatically during the task, as also observed by Tiefenau et al [44] (common examples include terminal records, browser histories, and action timings).…”

Section: Measurement Automationmentioning

confidence: 99%

See 2 more Smart Citations

Will You Trust This TLS Certificate?

2020

View full text Add to dashboard Cite

Flawed TLS certificates are not uncommon on the Internet. While they signal a potential issue, in most cases they have benign causes (e.g., misconfiguration or even deliberate deployment). This adds fuzziness to the decision on whether to trust a connection or not. Little is known about perceptions of flawed certificates by IT professionals, even though their decisions impact high numbers of end users. Moreover, it is unclear how much the content of error messages and documentation influences these perceptions. To shed light on these issues, we observed 75 attendees of an industrial IT conference investigating different certificate validation errors. We also analyzed the influence of reworded error messages and redesigned documentation. We find that people working in IT have very nuanced opinions, with trust decisions being far from binary. The self-signed and the name-constrained certificates seem to be over-trusted (the latter also being poorly understood). We show that even small changes in existing error messages can positively influence resource use, comprehension, and trust assessment. At the end of the article, we summarize lessons learned from conducting usable security studies with IT professionals.

show abstract

Section: Participant Samplingsupporting

confidence: 87%

Section: Studies With It Professionals: Lessons Learnedmentioning

confidence: 99%

Section: Measurement Automationmentioning

confidence: 99%

See 1 more Smart Citation

Will You Trust This TLS Certificate?

2020

View full text Add to dashboard Cite

show abstract

“…We were able to achieve both by using Flask a micro web framework written in Python [30]. The website was hosted on AWS [31] with certbot SSL certification [32]. Every new learner must register with the website and provide consent to use their registration information and performance assessment results for research purposes.…”

Section: E0a -The Web Applicationmentioning

confidence: 99%

'1e0a': A Computational Approach to Rhythm Training

Alben,

2021

Preprint

View full text Add to dashboard Cite

We present a computational assessment system that promotes the learning of basic rhythmic patterns. The system is capable of generating multiple rhythmic patterns with increasing complexity within various cycle lengths. For a generated rhythm pattern the performance assessment of the learner is carried out through the statistical deviations calculated from the onset detection and temporal assessment of a learner's performance. This is compared with the generated pattern, and their performance accuracy forms the feedback to the learner. The system proceeds to generate a new pattern of increased complexity when performance assessment results are within certain error bounds. The system thus mimics a learner-teacher relationship as the learner progresses in their feedback-based learning. The choice of progression within a cycle for each pattern is determined by a predefined complexity metric. This metric is based on a coded element model for the perceptual processing of sequential stimuli. The model earlier proposed for a sequence of tones and non-tones, is now used for onsets and silences. This system is developed into a webbased application and provides accessibility for learning purposes. Analysis of the performance assessments shows that the complexity metric is indicative of the perceptual processing of rhythm patterns and can be used for rhythm learning.

show abstract

“…It is understandable that the complexity of this problem requires patience and eventual alignment between the security literacy of the average user and the pace with which new security hazards are introduced into users' daily life [17,28]. Usable security has, for one, made noticeable advancements of warnings that users do actually heed in conformance with the security recommendations: avoiding phishy websites and questionable attachments [57], skipping unencrypted communication [75], warming up to multi-factor authentication [40], and following up on system updates [43]. Advancements such as adaptive strategies for getting accustomed to warnings and security advice also help users transition to an acceptable secure behavior [22,29].…”

Section: Introductionmentioning

confidence: 99%

Meaningful Context, a Red Flag, or Both? Users' Preferences for Enhanced Misinformation Warnings on Twitter

Sharevski¹,

Devine²,

Pieroni³

et al. 2022

Preprint

View full text Add to dashboard Cite

Warning users about misinformation on social media is not a simple usability task. Soft moderation has to balance between debunking falsehoods and avoiding moderation bias while preserving the social media consumption flow. Platforms thus employ minimally distinguishable warning tags with generic text under a suspected misinformation content. This approach resulted in an unfavorable outcome where the warnings "backfired" and users believed the misinformation more, not less. In response, we developed enhancements to the misinformation warnings where users are advised on the context of the information hazard and exposed to standard warning iconography. We ran an A/B evaluation with the Twitter's original warning tags in a 337 participant usability study. The majority of the participants preferred the enhancements as a nudge toward recognizing and avoiding misinformation. The enhanced warning tags were most favored by the politically left-leaning and to a lesser degree moderate participants, but they also appealed to roughly a third of the right-leaning participants. The education level was the only demographic factor shaping participants' preferences. We use our findings to propose user-tailored improvements in the soft moderation of misinformation on social media. CCS CONCEPTS• Security and privacy → Social aspects of security and privacy; Usability in security and privacy.

show abstract

A Usability Evaluation of Let's Encrypt and Certbot

Cited by 20 publications

References 25 publications

Will You Trust This TLS Certificate?

Will You Trust This TLS Certificate?

'1e0a': A Computational Approach to Rhythm Training

Meaningful Context, a Red Flag, or Both? Users' Preferences for Enhanced Misinformation Warnings on Twitter

Contact Info

Product

Resources

About