Yue Huang, Borke Obada-Obieh, and Konstantin Beznosov, University of British Columbia
This paper reports the challenges that users experienced and their concerns regarding the Chrome compromised credentials notification. We adopted a two-step approach to uncover the issues of the notification, including qualitatively analyzing users' online comments and conducting semi-structured interviews with participants who had received the notification. We found that users' issues with the notification are associated with five core aspects of the notification: the authenticity of the notification, data breach incidents, Google's knowledge of users' compromised credentials, multiple accounts being associated with one notification, and actions recommended by the notification. We also identified the detailed challenges and concerns users had regarding each aspect of the notification. Based on the results, we offer suggestions to improve the design of browser-based compromised credential notifications to support users in better protecting their online accounts.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Yue Huang and Borke Obada-Obieh and Konstantin Beznosov},
title = {Users{\textquoteright} Perceptions of Chrome Compromised Credential Notification},
booktitle = {Eighteenth Symposium on Usable Privacy and Security (SOUPS 2022)},
year = {2022},
isbn = {978-1-939133-30-4},
address = {Boston, MA},
pages = {155--174},
url = {https://www.usenix.org/conference/soups2022/presentation/huang},
publisher = {USENIX Association},
month = aug
}
