A Serious Game Design: Nudging Users' Memorability of Security Questions

TL;DR

This paper explores whether a serious game based on a popular mobile game can enhance the memorability of security question answers, aiming to improve password recovery usability without compromising security.

Contribution

It introduces a novel serious game adaptation using visual cues to improve memorability of security answers, addressing a key usability-security trade-off.

Findings

The serious game potentially improves memorability of security answers.

Visual cues aid in better recall of security question responses.

The approach offers a promising way to enhance fallback authentication security.

Abstract

Security questions are one of the techniques used to recover passwords. The main limitation of security questions is that users find strong answers difficult to remember. This leads users to trade-off security for the convenience of an improved memorability. Previous research found that increased fun and enjoyment can lead to an enhanced memorability, which provides a better learning experience. Hence, we empirically investigate whether a serious game has the potential of improving the memorability of strong answers to security questions. For our serious game, we adapted the popular "4 Pics 1 word" mobile game because of its use of pictures and cues, which psychology research found to be important to help with memorability. Our findings indicate that the proposed serious game could potentially improve the memorability of answers to security questions. This potential improvement in memorability, could eventually help reduce the trade-off between usability and security in fall-back authentication.