Although users want web browsers that keep them safe on the Web from phishing, malware, and web irritants such as popups, they'll stubbornly click through warnings dialogs, ignore security indicators, and generally behave in reckless and dangerous ways in order to complete their tasks. Who could blame them? Historically the techniques used in web browsers to communicate to users about security has been a rogues' gallery for the User Interface Hall of Shame. Security indicators are out of the way and hard to interpret, terminology is relentlessly confusing, and the responsibility for who decides what is safe and what isn't is tossed into the user's lap like a hot potato.

A good security UI must balance obviousness with unintrusiveness, convey clarity in reasonable size, and reflect complexity with simplicity. Quite a challenge.

The W3C, the Firefox UI design team, and other researchers have been working to improve the current situation. This talk will showcase current ideas and discuss future directions.