Security Certificate Warnings Don’t Work. angry tapir writes “In a laboratory experiment, researchers found that between 55 percent and 100 percent of participants ignored certificate security warnings, depending on which browser they were using (different browsers use different language to warn their users). The researchers first conducted an online survey of more than 400 Web surfers, to learn what they thought about certificate warnings. They then brought 100 people into a lab and studied how they surf the Web. They found that people often had a mixed-up understanding of certificate warnings. For example, many thought they could ignore the messages when visiting a site they trust, but that they should be more wary at less-trustworthy sites.“
Read more of this story at Slashdot.
Every time I’ve encountered a certificate warning it’s been for a perfectly valid but self-issued certificate. If the people in the experiment have had similar experiences, it’s not surprising they would have gotten into the habit of ignoring the warnings.