Gamification Techniques for Raising Cyber Security Awareness

  • Sam Scholefield
  • Lynsay A. ShepherdEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11594)


Due to the prevalence of online services in modern society, such as internet banking and social media, it is important for users to have an understanding of basic security measures in order to keep themselves safe online. However, users often do not know how to make their online interactions secure, which demonstrates an educational need in this area. Gamification has grown in popularity in recent years and has been used to teach people about a range of subjects. This paper presents an exploratory study investigating the use of gamification techniques to educate average users about password security, with the aim of raising overall security awareness. To explore the impact of such techniques, a role-playing quiz application (RPG) was developed for the Android platform to educate users about password security. Results gained from the work highlighted that users enjoyed learning via the use of the password application, and felt they benefitted from the inclusion of gamification techniques. Future work seeks to expand the prototype into a full solution, covering a range of security awareness issues.


Gamification Games-based learning Security awareness Usable security Human-centered cyber security 


  1. 1.
    Bhagavatula, C., Ur, B., Iacovino, K., Kywe, S., Cranor, L., Savvides, M.: Biometric authentication on iPhone and Android: usability, perceptions, and influences on adoption. In: Proceedings of the USEC 2015, 8 February 2015, San Diego, CA, pp. 1–10 (2015)Google Scholar
  2. 2.
    Shepherd, L.A., Archibald, J., Ferguson, R.I.: Perception of risky security behaviour by users: survey of current approaches. In: Marinos, L., Askoxylakis, I. (eds.) HAS 2013. LNCS, vol. 8030, pp. 176–185. Springer, Heidelberg (2013). Scholar
  3. 3.
    Shepherd, L.A., Archibald, J., Ferguson, R.I.: Assessing the impact of affective feedback on end-user security awareness. In: Tryfonas, T. (ed.) HAS 2017. LNCS, vol. 10292, pp. 143–159. Springer, Cham (2017). Scholar
  4. 4.
    Shepherd, L.A., Archibald, J.: Security awareness and affective feedback: categorical behaviour vs. reported behaviour. In: 2017 International Conference On Cyber Situational Awareness, Data Analytics And Assessment (Cyber SA), London, pp. 1–6 (2017)Google Scholar
  5. 5.
    Kelley, P.G., Bresee, J., Cranor, L.F., Reeder, R.W.: A nutrition label for privacy. In: Proceedings of the 5th Symposium on Usable Privacy and Security, p. 4. ACM (2009)Google Scholar
  6. 6.
    Canova, G., Volkamer, M., Bergmann, C., Borza, R.: NoPhish: an anti-phishing education app. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 188–192. Springer, Cham (2014). Scholar
  7. 7.
    Furnell, S., Jusoh, A., Katsabas, D.: The challenges of understanding and using security: a survey of end-users. Comput. Secur. 25(1), 27–35 (2006)CrossRefGoogle Scholar
  8. 8.
    Shay, R., et al.: A spoonful of sugar? In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems - CHI 2015, pp. 2903–2912 (2015)Google Scholar
  9. 9.
    De Carné De Carnavalet, X., Mannan M.: A large-scale evaluation of high-impact password strength meters. ACM Trans. Inf. Syst. Secur. 18(1), Article no. 1 (2015)Google Scholar
  10. 10.
    Egelman, S., Sotirakopoulos, A., Muslukhov, I., Beznosov, K., Herley, C.: Does my password go up to eleven? In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems - CHI 2013, pp. 2379–2388 (2013)Google Scholar
  11. 11.
    Ciampa, M.: A comparison of password feedback mechanisms and their impact on password entropy. Inf. Manag. Comput. Secur. 21(5), 344–359 (2013)CrossRefGoogle Scholar
  12. 12.
    Witte, K.: Putting the fear back into fear appeals: the extended parallel process model. Commun. Monogr. 59(4), 329–349 (1992)CrossRefGoogle Scholar
  13. 13.
    Vance, A., Eargle, D., Ouimet, K., Straub, D.: Enhancing password security through interactive fear appeals: a web-based field experiment. In: 2013 46th Hawaii International Conference on System Sciences, pp. 2988–2997 (2013)Google Scholar
  14. 14.
    Growth Engineering: What is the Definition of Gamification and What Does it Mean? (2018).
  15. 15.
    Marczewski, A.: 52 Gamification Mechanics and Elements. Gamified UK - #Gamification Expert (2018).
  16. 16.
    Zichermann, G., Cunningham, C.: Gamification by Design: Implementing Game Mechanics in Web and Mobile Apps. O’Reilly, Sebastopol (2011)Google Scholar
  17. 17.
    Duolingo: Learn a language for free (2018).
  18. 18.
    ClassDojo: Learn all about ClassDojo (2018).
  19. 19.
    Ibanez, M., Di-Serio, A., Delgado-Kloos, C.: Gamification for engaging computer science students in learning activities: a case study. IEEE Trans. Learn. Technol. 7(3), 291–301 (2014)CrossRefGoogle Scholar
  20. 20.
    O’Donovan, S., Gain, J., Marais, P.: A case study in the gamification of a university-level games development course. In: Proceedings of the South African Institute for Computer Scientists and Information Technologists Conference, pp. 242–251. ACM (2013)Google Scholar
  21. 21.
    LearningWorks for Kids: Webonauts Internet Academy - LearningWorks for Kids (2019).
  22. 22. Cybersecurity Lab | NOVA Labs | PBS (2019).
  23. 23. The Cybersecurity Lab - Educator Guide | NOVA Labs | PBS (2019).
  24. 24.
    TrueKey: World Password Day Game (2017).
  25. 25.
    Jin, G., Tu, M., Kim, T., Heffron, J., White, J.: Evaluation of game-based learning in cybersecurity education for high school students. J. Educ. Learn. (EduLearn) 12(1), 150 (2018)CrossRefGoogle Scholar
  26. 26.
    Coull, N., et al.: On the use of serious games technology to facilitate large-scale training in cybercrime response. In: European Police Science and Research Bulletin, Special Conference Edition, no. 3, pp. 123–130 (2017)Google Scholar
  27. 27.
  28. 28.
    Canova, G., Volkamer, M., Bergmann, C., Reinheimer, B.: NoPhish app evaluation: lab and retention study. In: NDSS Workshop on Usable Security, pp. 1–10 (2015)Google Scholar
  29. 29.
    Statista: Number of mobile phone users worldwide 2015–2020 | Statista (2019).
  30. 30.
    Gómez-Pérez, E., Ostrosky-Solís, F.: Attention and memory evaluation across the life span: heterogeneous effects of age and education. J. Clin. Exp. Neuropsychol. 28(4), 477–494 (2006)CrossRefGoogle Scholar
  31. 31.
    StatCounter Global Stats: Mobile Operating System Market Share Worldwide | StatCounter Global Stats (2018).
  32. 32.
    Pomazan, A.: Fantasy Medieval Character Pack - Asset Store (2018).
  33. 33.
    Furnell, S., Thomson, K.: Recognising and addressing ‘security fatigue’. Comput. Fraud Secur. 2009(11), 7–11 (2009)CrossRefGoogle Scholar
  34. 34.
    Herley, C.: So long, and no thanks for the externalities: the rational rejection of security advice by users. In: Proceedings of the 2009 workshop on New security Paradigms Workshop, pp. 133–144. ACM, September 2009Google Scholar
  35. 35.
    Domínguez, A., Saenz-de-Navarrete, J., de-Marcos, L., Fernández-Sanz, L., Pagés, C., Martínez-Herráiz, J.: Gamifying learning experiences: Practical implications and outcomes. Comput. Educ. 63, 380–392 (2013)CrossRefGoogle Scholar
  36. 36.
    Ur, B., et al.: How does your password measure up? The effect of strength meters on password creation. In: Security 2012 Proceedings of the 21st USENIX Conference on Security Symposium (2012)Google Scholar
  37. 37.
    Dehn, D., Van Mulken, S.: The impact of animated interface agents: a review of empirical research. Int. J. Hum Comput Stud. 52(1), 1–22 (2000)CrossRefGoogle Scholar
  38. 38.
    Parker, L., Lepper, M.: Effects of fantasy contexts on children’s learning and motivation: Making learning more fun. J. Pers. Soc. Psychol. 62(4), 625–633 (1992)CrossRefGoogle Scholar
  39. 39.
    Okan, Z.: Edutainment: is learning at risk? Br. J. Edu. Technol. 34(3), 255–264 (2003)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.School of Design and InformaticsAbertay UniversityDundeeUK

Personalised recommendations