Gamifying Password Training Shows Security Benefits

Gamifying Password Training Shows Security Benefits
When picking passwords, users often fall back on certain insecure patterns, but good habits can be learned using simple games, a group of researchers find.

Passwords continue to be problematic for many companies because users tend to pick predictable combinations of letters, numbers, and symbols. Using a game for training can reinforce the rules for picking stronger passwords, a group of researchers from the India-based Tata Consulting Services stated in a presentation at the USENIX Symposium on Usable Privacy and Security on August 10 and in a report.


In a study with the company's 4,904 employees, the researchers found that an educational game — called Passworld — improved users' choice of passwords along several measurements, such as creating unique sequences of characters without duplicates or repeating patterns. The game required users to find a valuable artifact and then protect it using a strong set of gates, each of which represented a letter, number, or special symbol. 


While the game did not actually try to break the player's password, it did evaluate the user's choices against the list of rules, said Gokul Chettoor Jayakrishnan, a researcher with Tata Consultancy Services and one of the authors of the paper.


"We are not exclusively telling the users that this is a strong password, but at the end of the game, we are seeing whether the users learned the heuristics and produced more diverse passwords at the end," he says.


The game first tested the player's knowledge of the heuristics for strong password creation during a pretest, and then had the user play the game and create a password. Then it distracted the user with minigames, until the game tested the person's recall of the password. Finally, the game teste ..

Support the originator by clicking the read the rest link below.