Indicating something is not secure
Description
An alert icon in the search bar is a visual cue that suggests to the user that data shared between the server and the browser is not secure. If the communication between the server and browser is broken, messages can be intercepted. They can then be used in phishing attacks or other hacks.
If a website does not have a valid certificate, issued by certificate authorities, most web browsers (Chrome, Firefox, Safari or Microsoft Edge), will show the user an alert icon and the text ‘Not secure’ next to the URL. At IF, we think this is a better pattern than Indicating something is secure, but still inadequate by itself.
Advantages
- Users don’t have to understand the underlying technology to see that a service may be risky to use.
- Users are likely to spot an alert icon as it looks different to what they’re used to seeing: most sites don’t have one, as they’re secure.
Limitations
- A small icon in a browser search bar is often not enough, and not proportionate to the risks of using sites that are not secure.
- Explaining why this matters is complicated.
- Even if it alerts users that the connection is not secure, many users might keep using it anyway because they don’t fully understand the risks.
- There’s an ongoing question about the fairness of expecting end users to understand enough about information security to assess risks and make decisions.
Examples
Was this pattern useful?