[LINK] Security efforts hindered by untrained users
Matthew Sullivan
matthew at sorbs.net
Thu Jan 31 18:21:52 AEDT 2008
Howard Lowndes wrote:
>
>
> Stilgherrian wrote:
>> On 31/1/08 7:51 AM, "Matthew Sullivan" <matthew at sorbs.net> wrote:
>>
>>> Stilgherrian wrote:
>>
>>>> No. Having worked a lot with relative naïve users over the years, I
>>>> can
>>>> report that any dialog which gets in the way of them achieving
>>>> their aim
>>>> simply isn't read. Since so many dialogs are meaningless (to them),
>>>> and
>>>> their world does not immediately cave in, hitting "OK" is a reflex
>>>> action.
>>>>
>>>> They click "OK" without reading what the dialog says.
>>>>
>>>> Even if they did read the message, because they'd be being asked
>>>> for every
>>>> link, the vast majority of which would be legitimate, that click
>>>> would soon
>>>> become reflex if it wasn't already.
>>>>
>>> What you have to remember is that the user doesn't see 'Ok' or 'Cancel'
>>> they just see one button that says:
>>>
>>> "Press this to make it work."
>>
>> That, Sir, is EXACTLY the best way of putting it!
>
> Easily fixed. Put a large Cancel button in the same obvious place on
> the screen, and the minuscule OK button randomly hidden elsewhere.
>
Netscape's ever moving 'Accept this certificate' button proved that it
doesn't work.
Regards,
Mat
More information about the Link
mailing list