Involving Users in the Design of a Serious Game for Security Questions Education
This work addresses security education for general users, but it is incremental as it builds on existing serious game research without introducing a new method or paradigm.
The paper tackled the problem of users trading security for memorability in security questions by evaluating a serious game design to educate users on providing strong, memorable answers. The findings revealed that rewards improve learning, social elements are inappropriate due to privacy fears, and mobile devices are preferred even by non-gamers.
When using security questions, most users still trade off security for the convenience of memorability. This happens because most users find strong answers to security questions difficult to remember. Previous research in security education was successful in motivating users to change their behaviour towards security issues through the use of serious games (i.e. games designed for a primary purpose other than pure entertainment). Hence, in this paper we evaluate the design of a serious game to investigate the features and functionalities that users would find desirable in a game that aims to educate them to provide strong and memorable answers to security questions. Our findings reveal that: (1) even for security education games, rewards seem to motivate users to have a better learning experience; (2) functionalities which contain a social element (e.g. getting help from other players) do not seem appropriate for serious games related to security questions, because users fear that their acquaintances could gain access to their security questions; (3) even users who do not usually play games would seem to prefer to play security education games on a mobile device.