Security Certificate Warnings Don't Work
angry tapir writes "In a laboratory experiment, researchers found that between 55 percent and 100 percent of participants ignored certificate security warnings, depending on which browser they were using (different browsers use different language to warn their users). The researchers first conducted an online survey of more than 400 Web surfers, to learn what they thought about certificate warnings. They then brought 100 people into a lab and studied how they surf the Web. They found that people often had a mixed-up understanding of certificate warnings. For example, many thought they could ignore the messages when visiting a site they trust, but that they should be more wary at less-trustworthy sites."
Yeah, it's kind of sad how regular people are expecting us programmers to have our shit together.
Some day, in the far-off future of October 1st, 1993, 'people' will understand computers, and all of this tomfoolery will cease to be a problem. The internet will revert to civilized discourse for the propagation of knowledge and ideas.
*Checks watch* Any day now...
Is it sad that I am more likely to recognize you and your posts by your sig than your name or UID?
Challenge/response authentication using a credit card number and PIN as the encryption key. Let the bank issue the challenge, have the e-commerce site pass that right on to the browser. Let the browser do the encryption, and pass it all back to the bank via the site.
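The exchange proposed in the comment above, as an added example that is not part of the original thread and not any bank's or payment network's actual protocol. It models the three parties (bank, e-commerce site, browser) as Python objects, with a few assumptions of my own: the "encryption" step is an HMAC-SHA256 over the bank's challenge, the key is a hash of the card number and PIN (the comment only says to use them as the key), and the account data is a constructed test fixture. The last function shows the check a practitioner would want before adopting such a scheme: because the site relays both the challenge and the response, and already knows the card number, anyone holding that transcript can brute-force a four-digit PIN offline in ten thousand HMAC evaluations.

```python
import hashlib
import hmac
import itertools
import os


def derive_key(card_number: str, pin: str) -> bytes:
    """Assumed key derivation: hash card number and PIN into a fixed-length key."""
    return hashlib.sha256(f"{card_number}:{pin}".encode()).digest()


def compute_response(key: bytes, challenge: bytes) -> bytes:
    """The browser's 'encryption' of the challenge, modelled here as an HMAC."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Bank:
    """Issues one-time challenges and verifies the responses it gets back."""

    def __init__(self, accounts: dict):
        self._accounts = accounts          # card number -> PIN (constructed fixture)
        self._pending = {}                 # outstanding challenge -> card number

    def issue_challenge(self, card_number: str) -> bytes:
        challenge = os.urandom(16)
        self._pending[challenge] = card_number
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        # A challenge is consumed on first use, so a replayed response fails.
        card_number = self._pending.pop(challenge, None)
        if card_number is None or card_number not in self._accounts:
            return False
        expected = compute_response(
            derive_key(card_number, self._accounts[card_number]), challenge)
        return hmac.compare_digest(expected, response)


class Browser:
    """Holds the cardholder's secrets and answers challenges locally."""

    def __init__(self, card_number: str, pin: str):
        self._key = derive_key(card_number, pin)

    def answer(self, challenge: bytes) -> bytes:
        return compute_response(self._key, challenge)


class ECommerceSite:
    """Relays challenge and response between bank and browser, as the comment proposes."""

    def __init__(self, bank: Bank):
        self._bank = bank
        self.transcripts = []              # everything the site gets to see

    def checkout(self, browser: Browser, card_number: str) -> bool:
        challenge = self._bank.issue_challenge(card_number)
        response = browser.answer(challenge)
        self.transcripts.append((card_number, challenge, response))
        return self._bank.verify(challenge, response)


def brute_force_pin(card_number: str, challenge: bytes, response: bytes,
                    pin_length: int = 4):
    """What the relaying site (or anyone with its transcript) can do offline."""
    for digits in itertools.product("0123456789", repeat=pin_length):
        pin = "".join(digits)
        guess = compute_response(derive_key(card_number, pin), challenge)
        if hmac.compare_digest(guess, response):
            return pin
    return None


def run_scenario():
    """Constructed walkthrough: one honest checkout, a bad PIN, a replay, a brute force."""
    card, pin = "4111111111111111", "2468"            # test-card-style fixture
    bank = Bank({card: pin})
    site = ECommerceSite(bank)

    accepted = site.checkout(Browser(card, pin), card)
    rejected = site.checkout(Browser(card, "0000"), card)

    # Replay: the site re-sends the response from the accepted transaction.
    _, old_challenge, old_response = site.transcripts[0]
    replayed = bank.verify(old_challenge, old_response)

    recovered = brute_force_pin(card, old_challenge, old_response)
    return accepted, rejected, replayed, recovered


if __name__ == "__main__":
    print(run_scenario())
```

The one-time challenge does defeat a straight replay, which is the property the comment is after. What it does not address is that the key material is entirely guessable: the merchant already holds the card number, and the PIN space is tiny, so the transcript the merchant relays is enough to recover the PIN without ever talking to the bank again. Any real deployment of this idea would need a per-card secret the merchant never sees.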
I then use the 'I have a Mac, I am invincible' attitude, which is dangerous of course.
You should upgrade to the "I run Linux, I am invincible" attitude. 5% safer, 95% more smugness! (And some of it's actually justifiable. Disclosure: I run Linux and believe myself to be invincible.)
And the obligatory...