Nowadays, cybersecurity is as essential as it is ubiquitous. End-users have to be willing and able participants in the protection of their information. In order to ensure user compliance with data protection, the mechanisms put in place must be easy to use and, thus, it is essential to keep the user in mind when conceiving them.
User acquiescence to compliance can be achieved through enjoyment. That is, by ensuring that users have some fun while interfacing with devices that require authentication, users are more likely to be compliant and more accurate in their use of cybersecurity measures. Games can offer this possibility.
When it comes to password memorization, the use of games addresses a variety of memory-related problems. According to the Picture Superiority Effect, visual game-based passwords should be easier to remember than alphanumeric ones. The Picture Superiority Effect refers to the finding that memory is typically better for pictures than other types of information, including words.
In this article, Connor Lennan, Philip Manning and Samantha Tuft from the Cleveland State University proposed a mnemonic variant of password security in which users place game pieces at various positions on a game board to create passwords. The authors choose Chess and Monopoly as they were two very distinct games. Two experiments were conducted:
- In Experiment 1, 131 participants’ use of two game-based passwords across three different age groups (high school, Younger adult and older adult) during a single session were analyzed.
- In Experiment 2, 33 participants’ use of multiple game-based passwords across 24 sessions over ten weeks were analyzed.
In both experiments, participants were given either an iPod Touch or an iPad Mini and were asked to create a password that they thought was secure and that they would use. After the participants created their passwords, there was a 10–20 min delay during which participants were asked to complete a questionnaire about games and passwords. After the delay, participants were asked to re-enter their password.
The results of Experiment 1 showed that high school students, younger adults, and older adults could all remember game-based passwords reasonably well. Additionally, although high school students and younger adults were significantly faster at correctly entering their passwords using an iPod Touch compared to older adults, this was not the case when using an iPad Mini.
The results of Experiment 2 showed that participants’ accuracy for remembering multiple game-based passwords over ten weeks was on an average of 82%. Initially, participants’ accuracy for multiple game-based passwords was poor (54%), but performance quickly improved with practice. Moreover, when participants changed games and created new passwords, their performance was significantly better than the first time they entered their passwords.
The Game Changer Password System is a new way of thinking about password security, one that is informed by cognitive psychology. Storing passwords in game positions offers an alternative to alphanumeric systems that can be hard for users. The practical need for users to remember multiple passwords and to change them periodically can lead to a blurring of passwords or user frustration.
Cite: Lennan, C. T., Manning, P and Tuft, S. E.(2017). An evaluation of the Game Changer Password System: A new approach to password security. International Journal of Human-Computer Studies, 100, 1-17.
