The user also has good general strategies.
For example, he said he'd worry more about sites with sensitive information like
his bank or his credit card, but with Twitter, he's not too worried.
That's a great strategy.
But if he were, for example, facing a man-in-the-middle attack where someone
hijacked his password, and potentially the email address that he uses to log in,
and that password is repeated,
he could actually make a lot of his accounts vulnerable.
So his strategies are good,
but because he doesn't understand what the possible security risks are,
and they're not communicated to him by this error in a way he can understand,
he may make himself vulnerable if he were to go around this error.
And finally, the error message that Firefox shows relies on a lot of
information that the average user doesn't understand.
The example user we have here is actually quite computer savvy, but
he didn't understand a lot of the technical terms and jargon.
He doesn't understand what security certificates are,
how they work,
when they expire,
what that means,
and how they can be spoofed,
or how inaccurate credentials can be sent to allow an attack.