Using gamification to improve information security behavior: a password strength experiment

Jacques Ophoff; Frauke Dietz

doi:10.1007/978-3-030-23451-5_12

Using gamification to improve information security behavior: a password strength experiment

Jacques Ophoff^*, Frauke Dietz

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Information security emphasizes the importance of motivating end users to improve their security behavior towards protecting their private and organizational information assets. Password authentication is widely used as a user authentication method to safeguard information resources from unauthorized access. Despite its prevalence password best practice is not often followed and the use of weak passwords persist. Although password strength feedback mechanisms commonly aim to extrinsically motivate users to improve their password creating behavior, it is not yet clear how other methods, specifically gamification, influences security behavior regarding password creation behavior. The purpose of this study is to examine the effect gamification on user information security behavior, specifically regarding password creation. This study presents results from an online experiment of 232 respondents, who interacted with two different password strength feedback methods, namely a meter feedback method and a gamified feedback method using gamification points. A significant difference between the methods was found when measuring password strength using the number of guesses needed to crack the password, with the points method resulting in stronger passwords. The results of the study reveal that gamified feedback can lead to increased engagement and stronger password creation.

Original language	English
Title of host publication	Information security education
Subtitle of host publication	education in proactive information security: 12th IFIP WG 11.8 world conference WISE 12, Lisbon, Portugal, June 25–27, 2019, proceedings
Editors	Lynette Drevin, Marianthi Theocharidou
Place of Publication	Cham
Publisher	Springer
Pages	157-169
Number of pages	13
ISBN (Electronic)	9783030234515
ISBN (Print)	9783030234508
DOIs	https://doi.org/10.1007/978-3-030-23451-5_12
Publication status	Published - 19 Jun 2019
Externally published	Yes
Event	12th World Conference on Information Security Education: Education in Proactive Information Security - Lisbon, Portugal Duration: 25 Jun 2019 → 27 Jun 2019 Conference number: 12th

Publication series

Name	IFIP Advances in Information and Communication Technology (IFIPAICT)
Publisher	Springer
Volume	557
ISSN (Print)	1868-4238
ISSN (Electronic)	1868-422X

Conference

Conference	12th World Conference on Information Security Education
Abbreviated title	WISE 12
Country	Portugal
City	Lisbon
Period	25/06/19 → 27/06/19

Fingerprint

Cite this

Ophoff, J., & Dietz, F. (2019). Using gamification to improve information security behavior: a password strength experiment. In L. Drevin, & M. Theocharidou (Eds.), Information security education: education in proactive information security: 12th IFIP WG 11.8 world conference WISE 12, Lisbon, Portugal, June 25–27, 2019, proceedings (pp. 157-169). (IFIP Advances in Information and Communication Technology (IFIPAICT); Vol. 557). Springer. https://doi.org/10.1007/978-3-030-23451-5_12

Ophoff, Jacques ; Dietz, Frauke. / Using gamification to improve information security behavior : a password strength experiment. Information security education: education in proactive information security: 12th IFIP WG 11.8 world conference WISE 12, Lisbon, Portugal, June 25–27, 2019, proceedings. editor / Lynette Drevin ; Marianthi Theocharidou. Cham : Springer, 2019. pp. 157-169 (IFIP Advances in Information and Communication Technology (IFIPAICT)).

@inproceedings{b0c1814b200845118955fdf118001ff3,

title = "Using gamification to improve information security behavior: a password strength experiment",

abstract = "Information security emphasizes the importance of motivating end users to improve their security behavior towards protecting their private and organizational information assets. Password authentication is widely used as a user authentication method to safeguard information resources from unauthorized access. Despite its prevalence password best practice is not often followed and the use of weak passwords persist. Although password strength feedback mechanisms commonly aim to extrinsically motivate users to improve their password creating behavior, it is not yet clear how other methods, specifically gamification, influences security behavior regarding password creation behavior. The purpose of this study is to examine the effect gamification on user information security behavior, specifically regarding password creation. This study presents results from an online experiment of 232 respondents, who interacted with two different password strength feedback methods, namely a meter feedback method and a gamified feedback method using gamification points. A significant difference between the methods was found when measuring password strength using the number of guesses needed to crack the password, with the points method resulting in stronger passwords. The results of the study reveal that gamified feedback can lead to increased engagement and stronger password creation.",

author = "Jacques Ophoff and Frauke Dietz",

year = "2019",

month = jun

day = "19",

doi = "10.1007/978-3-030-23451-5_12",

language = "English",

isbn = "9783030234508",

series = "IFIP Advances in Information and Communication Technology (IFIPAICT)",

publisher = "Springer",

pages = "157--169",

editor = "Lynette Drevin and Marianthi Theocharidou",

booktitle = "Information security education",

note = "12th World Conference on Information Security Education : Education in Proactive Information Security, WISE 12 ; Conference date: 25-06-2019 Through 27-06-2019",

}

Ophoff, J & Dietz, F 2019, Using gamification to improve information security behavior: a password strength experiment. in L Drevin & M Theocharidou (eds), Information security education: education in proactive information security: 12th IFIP WG 11.8 world conference WISE 12, Lisbon, Portugal, June 25–27, 2019, proceedings. IFIP Advances in Information and Communication Technology (IFIPAICT), vol. 557, Springer, Cham, pp. 157-169, 12th World Conference on Information Security Education, Lisbon, Portugal, 25/06/19. https://doi.org/10.1007/978-3-030-23451-5_12

Using gamification to improve information security behavior : a password strength experiment. / Ophoff, Jacques; Dietz, Frauke.

Information security education: education in proactive information security: 12th IFIP WG 11.8 world conference WISE 12, Lisbon, Portugal, June 25–27, 2019, proceedings. ed. / Lynette Drevin; Marianthi Theocharidou. Cham : Springer, 2019. p. 157-169 (IFIP Advances in Information and Communication Technology (IFIPAICT); Vol. 557).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Using gamification to improve information security behavior

T2 - 12th World Conference on Information Security Education

AU - Ophoff, Jacques

AU - Dietz, Frauke

N1 - Conference code: 12th

PY - 2019/6/19

Y1 - 2019/6/19

N2 - Information security emphasizes the importance of motivating end users to improve their security behavior towards protecting their private and organizational information assets. Password authentication is widely used as a user authentication method to safeguard information resources from unauthorized access. Despite its prevalence password best practice is not often followed and the use of weak passwords persist. Although password strength feedback mechanisms commonly aim to extrinsically motivate users to improve their password creating behavior, it is not yet clear how other methods, specifically gamification, influences security behavior regarding password creation behavior. The purpose of this study is to examine the effect gamification on user information security behavior, specifically regarding password creation. This study presents results from an online experiment of 232 respondents, who interacted with two different password strength feedback methods, namely a meter feedback method and a gamified feedback method using gamification points. A significant difference between the methods was found when measuring password strength using the number of guesses needed to crack the password, with the points method resulting in stronger passwords. The results of the study reveal that gamified feedback can lead to increased engagement and stronger password creation.

AB - Information security emphasizes the importance of motivating end users to improve their security behavior towards protecting their private and organizational information assets. Password authentication is widely used as a user authentication method to safeguard information resources from unauthorized access. Despite its prevalence password best practice is not often followed and the use of weak passwords persist. Although password strength feedback mechanisms commonly aim to extrinsically motivate users to improve their password creating behavior, it is not yet clear how other methods, specifically gamification, influences security behavior regarding password creation behavior. The purpose of this study is to examine the effect gamification on user information security behavior, specifically regarding password creation. This study presents results from an online experiment of 232 respondents, who interacted with two different password strength feedback methods, namely a meter feedback method and a gamified feedback method using gamification points. A significant difference between the methods was found when measuring password strength using the number of guesses needed to crack the password, with the points method resulting in stronger passwords. The results of the study reveal that gamified feedback can lead to increased engagement and stronger password creation.

U2 - 10.1007/978-3-030-23451-5_12

DO - 10.1007/978-3-030-23451-5_12

M3 - Conference contribution

AN - SCOPUS:85068334372

SN - 9783030234508

T3 - IFIP Advances in Information and Communication Technology (IFIPAICT)

SP - 157

EP - 169

BT - Information security education

A2 - Drevin, Lynette

A2 - Theocharidou, Marianthi

PB - Springer

CY - Cham

Y2 - 25 June 2019 through 27 June 2019

ER -

Ophoff J, Dietz F. Using gamification to improve information security behavior: a password strength experiment. In Drevin L, Theocharidou M, editors, Information security education: education in proactive information security: 12th IFIP WG 11.8 world conference WISE 12, Lisbon, Portugal, June 25–27, 2019, proceedings. Cham: Springer. 2019. p. 157-169. (IFIP Advances in Information and Communication Technology (IFIPAICT)). https://doi.org/10.1007/978-3-030-23451-5_12

Access to Document

10.1007/978-3-030-23451-5_12

Ophoff_UsingGamificationToImproveInformationSecurity_Accepted_2019Accepted author manuscript, 341 KB