Using gamification to improve information security behavior: a password strength experiment

Jacques Ophoff*, Frauke Dietz

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

6 Citations (Scopus)
187 Downloads (Pure)


Information security emphasizes the importance of motivating end users to improve their security behavior towards protecting their private and organizational information assets. Password authentication is widely used as a user authentication method to safeguard information resources from unauthorized access. Despite its prevalence password best practice is not often followed and the use of weak passwords persist. Although password strength feedback mechanisms commonly aim to extrinsically motivate users to improve their password creating behavior, it is not yet clear how other methods, specifically gamification, influences security behavior regarding password creation behavior. The purpose of this study is to examine the effect gamification on user information security behavior, specifically regarding password creation. This study presents results from an online experiment of 232 respondents, who interacted with two different password strength feedback methods, namely a meter feedback method and a gamified feedback method using gamification points. A significant difference between the methods was found when measuring password strength using the number of guesses needed to crack the password, with the points method resulting in stronger passwords. The results of the study reveal that gamified feedback can lead to increased engagement and stronger password creation.

Original languageEnglish
Title of host publicationInformation security education
Subtitle of host publicationeducation in proactive information security: 12th IFIP WG 11.8 world conference WISE 12, Lisbon, Portugal, June 25–27, 2019, proceedings
EditorsLynette Drevin, Marianthi Theocharidou
Place of PublicationCham
Number of pages13
ISBN (Electronic)9783030234515
ISBN (Print)9783030234508
Publication statusPublished - 19 Jun 2019
Externally publishedYes
Event12th World Conference on Information Security Education: Education in Proactive Information Security - Lisbon, Portugal
Duration: 25 Jun 201927 Jun 2019
Conference number: 12th

Publication series

NameIFIP Advances in Information and Communication Technology (IFIPAICT)
ISSN (Print)1868-4238
ISSN (Electronic)1868-422X


Conference12th World Conference on Information Security Education
Abbreviated titleWISE 12


  • Information security behavior
  • Gamification
  • Authentication
  • Password strength feedback


Dive into the research topics of 'Using gamification to improve information security behavior: a password strength experiment'. Together they form a unique fingerprint.

Cite this