'SSL?! What on earth is that?': Towards Designing Age-Inclusive Secure Smartphone Browsing

Owing to the increase in 'certified' phishing websites, there is a steady increase in the number of phishing cases and general susceptibility to phishing. Trust mechanisms (e.g., HTTPS Lock Indicators, SSL Certificates) that help differentiate genuine and phishing websites should therefore be evaluated for their effectiveness in preventing vulnerable users from accessing phishing websites. In this article, we present a study involving 18 adults (male-6; female-12) and 12 older adults (male-4; female-8) to understand the usability of current trust mechanisms and preferred modalities in a conceptualized mechanism. In the first part of the study, using Chrome browser on Android, we asked the participants to browse a banking website and a government website for digital particulars. We asked them to identify which one of the two was a phishing website, rate the usability of both websites and provide qualitative feedback on the trust mechanisms. In the second part, we conceptualized an alternative trust mechanism, which allows seeking social, community and AI-based support to make website trust-related decisions. Herein, we asked the participants as to which modality (social, community or AI) they prefer to seek support from and why it is preferred. Using the current trust mechanisms, none of the participants were able to identify the phishing website. As the participants rated the current mechanisms poorly in terms of usability, they expressed various difficulties that largely did not differ between adults and older adults. In the conceptualized mechanism, we observed a notable difference in the preferred modalities, in that, older adults primarily preferred social support. In addition to these overall findings, specific observations suggest that future trust mechanisms should not only consider age-specific needs but also incorporate substantial improvement in terms of usability.