Skip to main content

GAP: A Game for Improving Awareness About Passwords

Part of the Lecture Notes in Computer Science book series (LNISA,volume 11243)


Text-based password is the most popular method for authenticating users on the internet. However, despite decades of security research, users continue to choose easy-to-guess passwords to protect their important online accounts. In this paper, we explore the potential of serious games to educate users about various features that negatively impact password security. Specifically, we designed a web-based casual game called GAP and assessed its impact by conducting a comparative user study with 119 participants. The study results show that participants who played GAP demonstrated improved performance in recognizing insecure password features than participants who did not play GAP. Besides having educational value, most of the participants also found GAP fun to play.


  • Serious games
  • Passwords
  • Security
  • Human factors

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions


  1. Casual Games Association: Casual Games Sector Report. Accessed 10 August 2018

  2. National Research Council, et al.: How People Learn: Bridging Research and Practice. National Academies Press, Washington, D.C. (1999)

    Google Scholar 

  3. Bowes, R.: Passwords. Accessed 10 August 2018

  4. de Carné de Carnavalet, X., Mannan, M.: From very weak to very strong: analyzing password-strength meters. In: NDSS 2014. Internet Society (2014)

    Google Scholar 

  5. Chesham, A., Wyss, P., Müri, R.M., Mosimann, U.P., Nef, T.: What older people like to play: genre preferences and acceptance of casual games. JMIR Serious Games 5(2), e8 (2017)

    CrossRef  Google Scholar 

  6. Connolly, T.M., Boyle, E.A., MacArthur, E., Hainey, T., Boyle, J.M.: A systematic literature review of empirical evidence on computer games and serious games. Comput. Educ. 59(2), 661–686 (2012)

    CrossRef  Google Scholar 

  7. Das, A., Bonneau, J., Caesar, M., Borisov, N., Wang, X.: The tangled web of password reuse. In: NDSS 2014, pp. 23–26. Internet Society (2014)

    Google Scholar 

  8. Denning, T., Lerner, A., Shostack, A., Kohno, T.: Control-Alt-Hack: the design and evaluation of a card game for computer security awareness and education. In: CCS 2013, pp. 915–928 (2013)

    Google Scholar 

  9. Dickey, M.D.: Engaging by design: how engagement strategies in popular computer and video games can inform instructional design. Educ. Technol. Res. Dev. 53(2), 67–83 (2005)

    CrossRef  Google Scholar 

  10. Florencio, D., Herley, C.: A large-scale study of web password habits. In: WWW 2007, pp. 657–666 (2007)

    Google Scholar 

  11. Gerling, K., Fuchslocher, A., Schmidt, R., Krämer, N., Masuch, M.: Designing and evaluating casual health games for children and teenagers with cancer. In: Anacleto, J.C., Fels, S., Graham, N., Kapralos, B., Saif El-Nasr, M., Stanley, K. (eds.) ICEC 2011. LNCS, vol. 6972, pp. 198–209. Springer, Heidelberg (2011).

    CrossRef  Google Scholar 

  12. Grimes, A., Kantroo, V., Grinter, R.E.: Let’s play! Mobile health games for adults. In: Ubicomp 2010, pp. 241–250. ACM (2010)

    Google Scholar 

  13. Hendrix, M., Al-Sherbaz, A., Victoria, B.: Game based cyber security training: are serious games suitable for cyber security training? IJSG 3(1), 53–61 (2016)

    CrossRef  Google Scholar 

  14. Hunt, T.: Pwned passwords. Accessed 10 August 2018

  15. Kuittinen, J., Kultima, A., Niemelä, J., Paavilainen, J.: Casual games discussion. In: Proceedings of the 2007 Conference on Future Play, pp. 105–112. ACM (2007)

    Google Scholar 

  16. Mazurek, M.L., et al.: Measuring password guessability for an entire university. In: CCS 2013, pp. 173–186. ACM (2013)

    Google Scholar 

  17. Morrison, C.: Casual Gaming Worth \$2.25 Billion, and Growing Fast. Accessed 10 August 2018

  18. NPD: The NPD Group: 37 Percent of U.S. Population Age 9 and Older Currently Plays PC Games. Accessed 10 August 2018

  19. NPS: Cyberciege (2004). Accessed 10 August 2018

  20. Phaser: Desktop and Mobile HTML5 Game Framework. Accessed 10 August 2018

  21. ProofPoint: Wombat Security Technologies. Accessed 10 August 2018

  22. Reimers, S., Stewart, N.: Presentation and response timing accuracy in Adobe Flash and HTML5/JavaScript web experiments. Behav. Res. Methods 47(2), 309–327 (2015)

    CrossRef  Google Scholar 

  23. Rittle-Johnson, B., Koedinger, K.R.: Comparing instructional strategies for integrating conceptual and procedural knowledge (2002)

    Google Scholar 

  24. Schroth, M.L.: The effects of delay of feedback on a delayed concept formation transfer task. Contemp. Educ. Psychol. 17(1), 78–82 (1992)

    CrossRef  MathSciNet  Google Scholar 

  25. Shay, R., et al.: Encountering stronger password requirements: user attitudes and behaviors. In: SOUPS 2010, pp. 2:1–2:20 (2010)

    Google Scholar 

  26. Sheng, S., et al.: Anti-Phishing Phil: the design and evaluation of a game that teaches people not to fall for phish. In: SOUPS 2007, pp. 88–99 (2007)

    Google Scholar 

  27. Squire, K.D.: Video game-based learning: an emerging paradigm for instruction. Perform. Improv. Q. 21(2), 7–36 (2008)

    CrossRef  Google Scholar 

  28. Ur, B., et al.: “I added ‘!’ at the end to make it secure”: observing password creation in the lab. In: SOUPS 2015, pp. 123–140. USENIX Association (2015)

    Google Scholar 

  29. Wiemker, M., Elumir, E., Clare, A.: Escape room games. Game Based Learn. (2015)

    Google Scholar 

  30. Wouters, P., Van Nimwegen, C., Van Oostendorp, H., Van Der Spek, E.D.: A meta-analysis of the cognitive and motivational effects of serious games. J. Educ. Psychol. 105(2), 249 (2013)

    CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Harshal Tupsamudre .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Tupsamudre, H. et al. (2018). GAP: A Game for Improving Awareness About Passwords. In: Göbel, S., et al. Serious Games. JCSG 2018. Lecture Notes in Computer Science(), vol 11243. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02761-2

  • Online ISBN: 978-3-030-02762-9

  • eBook Packages: Computer ScienceComputer Science (R0)