Table A2.
Summary of approaches to improving security warnings.
| Authors | Descriptions |
|---|---|
| Polymorphic | |
| Brustoloni and Villamarín-Salomón (2007) | They designed polymorphic dialogues using context-sensitive guidance (CSG) to help users make security decisions. |
| Anderson et al. (2015) | They designed new security warnings using a polymorphic warning to combat habituation. |
| Amran (2017) | He proposed polymorphic security warnings that change across five variations to reduce the habituation effect. |
| Vance et al. (2017) | They implemented four design variations in the experiment utilising pictorial symbols, background colour, jiggle and zoom animations, and zoom. |
| Audited Dialogues | |
| Brustoloni and Villamarín-Salomón (2007) | They proposed audited dialogues to improve users' decision-making process. |
| Interactive Design | |
| Raja et al. (2011) | They designed the warnings using physical security metaphors such as locks, keys, doors, and walls to improve security warnings. |
| Zhang-Kennedy et al. (2016) | They introduced the five systematic phases of an iterative model, ADDIE, which stands for analyse, design, develop, implement and evaluate. |
| Webber et al. (2015) | They implemented the iterative design using the participatory design (PD) method. This method is often used as an iterative process that aims to enhance the product over a specific amount of time and multiple steps. |
| Mental Model | |
| Wash (2011) | He identified eight different mental models that guided home computer users in making security decisions. |
| Blythe and Camp (2012) | They used mental model simulation to decide whether to back up files, checked against the ‘vandal’ model of hackers (above) and the ‘burglar’ model. |
| Bravo-Lillo et al. (2011) | They introduced the differences in mental models between advanced and novice users’ perceptions of security warnings. |
| Attractors & Thermal Feedback | |
| Bravo-Lillo et al. (2013) | They proposed the use of attractors to attract users’ attention to an information field (salient field). |
| Wilson et al. (2017) | They improved security warnings using thermal feedback, which carries significant inherent links to emotion and danger. |
| Adaptive Security Dialogues (ASD) | |
| Keukelaere et al. (2009) | They utilised the ASD to catch the user’s attention when opening a potentially dangerous email attachment. In ASD, various levels of user risk are addressed and the dialogue’s implementation is adapted correspondingly. |
| Facial Cues | |
| Eargle et al. (2016) | They integrated the facial cues of threat into security warnings to attract end users’ attention. In this approach, validated images of facial expressions, including fear and disgust, which are efficient cues of danger in the immediate environment, were integrated into the security warning design. |
| Alternative Security Dialogues-Kawaii | |
| Minakawa and Takada (2017) | They proposed alternative security warning dialogues integrated with “Kawaii” effects utilising animations and audio. |
| Console Security Feedback or Advice | |
| Gorski et al. (2018) | They proposed an API-integrated security advice warning that significantly fixed participants’ insecure code. |
| Gorski et al. (2020) | They utilised security feedback that should transcend tools and be flexible enough for software developers across different development tools. |