Gamifying authentication

  title={Gamifying authentication},
  author={Christien Kroeze and Martin S. Olivier},
  journal={2012 Information Security for South Africa},
The fields of security and usability often conflict with each other. Security focuses on making systems difficult for attackers to compromise. However, doing this also increases difficulty for the user. Users in security are often seen as an obstacle - they are the weakest point of the system, willing to circumvent security policies in order to access their work faster. A large part of security is authentication: knowing who a user of a system is and denying access to unauthenticated users… 

Figures from this paper

Giving Motivation for Using Secure Credentials through User Authentication by Game
This work attaches a role-playing game function to pattern-based user authentication, and provides an incentive to users through user authentication to motivate users to use secure credentials.
CMAPS: A Chess-Based Multi-Facet Password Scheme for Mobile Devices
A Chess-based MAPS (CMAPS) for Android systems is implemented, and user studies show that CMAPS can achieve high recall rates while exceeding the security strength of standard 8-character alphanumeric passwords used for secure applications.
Better, Funner, Stronger: A Gameful Approach to Nudge People into Making Less Predictable Graphical Password Choices
This paper presents GamePass, a gamified mechanism that integrates the GUA password creation process and provides the first evidence that it is possible to nudge people towards better password choices by gamifying the process.
You Are How You Play: Authenticating Mobile Users via Game Playing
Cognitive abilities are caught through the users’ performance to small games, which replicated the classical attentional paradigms of cognitive psychology, and show that these games can be used as a two-factors authentication mechanism on smartphones.
PassGame: Robust Shoulder-Surfing Resistance Through Challenge-Response Authentication
PassGame can offer extremely high shoulder-surfing resistance, even against camera attacks, at some cost to usability, and weak PassGame passwords cannot be shoulder-Surfed even after viewing 5 complete recorded password entries, and strong passwords are resilient even againstcamera attacks.
Eye-GUAna: Higher Gaze-Based Entropy and Increased Password Space in Graphical User Authentication Through Gamification
Results show that people who follow a gamified approach have higher gaze-based entropy, as they fixate on more image areas and for longer periods, and thus, they have an increased effective password space, which could lead to better and less predictable password choices.
SSETGami: Secure Software Education Through Gamification
This research created gamelike learning modules to teach top vulnerabilities and countermeasures for these top vulnerabilities in secure web developments including SQL injection, broken authentication and session management, cross site scripting, insecure direct object references, etc.
The aim of this thesis is to study the relation between game elements, user and riskful behavior (context) in order to understand which game elements has a positive/negative effect on the users in which context.
Out to Explore the Cybersecurity Planet
  • G. Bella
  • Computer Science
    Journal of Intellectual Capital
  • 2020
The author makes the (metaphorical) hypothesis that humans arrived on Earth along with security ceremonies from a very far planet, the Cybersecurity planet, in that studying the surface of Cybersecurity in combination with the logical projection on that surface of what happens on Earth is beneficial for us earthlings.
Gamification for Teaching and Learning Computer Security in Higher Education
The design and evaluation of a gamified computer security module, with a unique approach to assessed learning activities, was presented, and ultimately the increased satisfaction was not found to have statistical significance on quantitative measurements of motivation.


Influencing users towards better passwords: persuasive cued click-points
This work uses persuasion to influence user choice in click-based graphical passwords, encouraging users to select more random, and hence more secure, click-points in the Cued Click-Points graphical password scheme.
Taking a graphical approach to the password
Graphical passwords might work in isolated scenarios but not in the mass market, and the necessary training and user support for the new approach are expensive, said Marc Boroditsky, CEO of Passlogix, a computer-security firm that offers graphical- passwords.
Transforming the ‘Weakest Link’ — a Human/Computer Interaction Approach to Usable and Effective Security
It is concluded that existing human/computer interaction knowledge and techniques can be used to prevent or address these problems, and outline a vision of a holistic design approach for usable and effective security.
The Design and Analysis of Graphical Passwords
This work proposes and evaluates new graphical password schemes that exploit features of graphical input displays to achieve better security than text-based passwords and describes the prototype implementation of one of the schemes on a personal digital assistants (PDAs) namely the Palm PilotTM.
Persuasion as Education for Computer Security
The Persuasive Authentication Framework is presented, which applies persuasive technology to authentication mechanisms and some examples of how the framework can be applied to existing authentication systems are described.
Password memorability and security: empirical results
To determine how to help users choose good passwords, the authors performed a controlled trial of the effects of giving users different kinds of advice.
Security in computing
Users are not the enemy
It is argued that to change this state of affairs, security departments need to communicate more with users, and adopt a usercentered design approach.
Helping users create and remember more secure text passwords
This doctoral research will attempt to improve password memorability by providing implicit feedback and cueing to users as they login and developing password rehearsal games that persuade users to employ established memory aids to assist them in remembering more secure passwords.
In search of usable security: five lessons from the field
A real-world example providing five general lessons for usable, secure system design is provided, revealing a new system reduces the time to enroll in a secure wireless network by two orders of magnitude.