Changing users' security behaviour towards security questions: A game based learning approach

TL;DR

This paper introduces a game-based learning approach using a modified '4 Pics 1 Word' game to improve users' security behavior and memorability of security questions for fallback authentication.

Contribution

It proposes a novel serious game design that leverages visual and verbal cues to enhance memorability of security questions, addressing usability issues in fallback authentication.

Findings

Enhanced memorability of security questions through game features

Improved user engagement with security questions

Potential for increased security in fallback authentication

Abstract

Fallback authentication is used to retrieve forgotten passwords. Security questions are one of the main techniques used to conduct fallback authentication. In this paper, we propose a serious game design that uses system-generated security questions with the aim of improving the usability of fallback authentication. For this purpose, we adopted the popular picture-based "4 Pics 1 word" mobile game. This game was selected because of its use of pictures and cues, which previous psychology research found to be crucial to aid memorability. This game asks users to pick the word that relates to the given pictures. We then customized this game by adding features which help maximize the following memory retrieval skills: (a) verbal cues - by providing hints with verbal descriptions, (b) spatial cues - by maintaining the same order of pictures, (c) graphical cues - by showing 4 images for each challenge, (d) interactivity/engaging nature of the game.