Assessing Non-Visual SSL Certificates with Desktop and Mobile Screen Readers

Effective SSL warnings can point out network attacks or potential phishing sites. Much focus has been placed on tweaking text, colours, and symbols to improve users' comprehension and adhesion. These optimized visualizations do not necessarily aid people with visual disabilities who hear warnings rather than see them. To assess the non-visual aspects of these security warnings, we conducted an expert evaluation of Google Chrome and Mozilla Firefox's SSL certificate dialogues with JAWS and Apple VoiceOver screen readers. Our findings suggest that warnings are mostly unreadable with assistive technology and, when accessible, do not effectively describe threat sources, at-risk data, or false positives. Future work will explore the effectiveness of potential non-visual redesigns through usability studies with visually impaired screen reader users.