User Identification Using Games

  • Oliver BuckleyEmail author
  • Duncan Hodges
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9750)


There is a significant shift towards a digital identity and yet the most common means of user authentication, username and password pairs, is an imperfect system. In this paper we present the notion of using videogames, specifically Tetris, to supplement traditional authentication methods and provide an additional layer of identity validation. Two experiments were undertaken that required participants to play a modified version of Tetris; the first experiment with a randomly ordered set of pieces and the second with the pieces appearing in a fixed order. The results showed that even simple games like Tetris demonstrate significant complexity in the available game states and that while some users displayed repeatable strategic behaviour, others were effectively random in their behaviours exhibiting no discernible strategy or repeatable behaviour. However, some pieces and gameboard scenarios encouraged users to exhibit behaviours that are more unique than others.


Game State Enrolment Phase Board State User Validation Digital Identity 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Gehringer, E.F.: Choosing passwords: security and human factors. In: 2002 International Symposium on Technology and Society (ISTAS 2002), pp. 369–373. IEEE (2002)Google Scholar
  2. 2.
    TechRadar: Hackers using advanced phishing attack to steal Google passwords (2014). Accessed on 21 Jan 2016
  3. 3.
    Welivesecurity: Secure password: CyberVor hoard of 1.2 billion details ‘used in attack’ (2014). Accessed on 21 Jan 2016
  4. 4.
    Naked Security: Prince William photos accidentially reveal RAF password (2012). Accessed on 21 Jan 2016
  5. 5.
    Tetris (2016). Accessed on 02 Feb 2016
  6. 6.
    Dodson, J., Hodges, D., Witty, M., Creese, S.: Does personality and security expertise predict password strength? Selected Papers of Internet Research 4 (2014)Google Scholar
  7. 7.
    Brown, A.S., Bracken, E., Zoccoli, S., King, D.: Generating and remembering passwords. Appl. Cogn. Psychol. 18, 641–651 (2004)CrossRefGoogle Scholar
  8. 8.
    Whitty, M., Doodson, J., Creese, S., Hodges, D.: Individual differences in cyber security behaviors: an examination of who is sharing passwords. Cyberpsychology Behav. Soc. Networking 18(1), 3–7 (2015)CrossRefGoogle Scholar
  9. 9.
    Jermyn, I., Mayer, A.J., Monrose, F., Reiter, M.K., Rubin, A.D., et al.: The design and analysis of graphical passwords. In: USENIX Security (1999)Google Scholar
  10. 10.
    Suo, X., Ying Zhu, G., Owen, S.: Graphical passwords: a survey. In: 21st Annual Computer Security Applications Conference, p. 10. IEEE (2005)Google Scholar
  11. 11.
    Biddle, R., Chiasson, S., Van Oorschot, P.C.: Graphical passwords: learning from the first twelve years. ACM Comput. Surv. (CSUR) 44(4), Article no. 19 (2012)Google Scholar
  12. 12.
    Devlin, M., Nurse, J.R.C., Hodges, D., Goldsmith, M., Creese, S.: Predicting graphical passwords. In: Tryfonas, T., Askoxylakis, I. (eds.) HAS 2015. LNCS, vol. 9190, pp. 23–35. Springer, Heidelberg (2015)CrossRefGoogle Scholar
  13. 13.
    Delac, K., Grgic, M.: A survey of biometric recognition methods. In: 2004 Proceedings of the 46th International Symposium on Electronics in Marine, Elmar 2004, pp. 184–193. IEEE (2004)Google Scholar
  14. 14.
    Rebera, A.P., Bonfanti, M.E., Venier, S.: Societal and ethical implications of anti-spoofing technologies in biometrics. Sci. Eng. Ethics 20(1), 155–169 (2013)CrossRefGoogle Scholar
  15. 15.
    Rodrigues, R.N., Ling, L.L., Govindaraju, V.: Robustness of multimodal biometric fusion methods against spoof attacks. J. Vis. Lang. Comput. 20, 169–179 (2009)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Centre for Cyber Security and Information SystemsCranfield University, Defence Academy of the United KingdomSwindonUK

Personalised recommendations