Aug 23, 2017 · 1 min read
> Page was accessed from outside the current tab OR from an insecure (untrusted) site either within or outside the current tab
I can think of lots of instances (a page opened from a link that was target=”blank”, links opened from email/IM) etc where this would throw up a “caution” sign inappropriately. Too many of those and the user might be inclined to ignore the warning entirely.
Rather than try to create a new set of rules to capture all edge cases, as you’ve tried to do, we need better education around phishing and what the Secure padlock actually means.
