Graphical user authentication (GUA) is a common alternative to text-based user authentication, in which people are required to draw graphical passwords on background images. Such schemes are theoretically considered remarkably secure because they offer a large password space. However, people tend to create their passwords on salient image areas, which introduces high password predictability. Aiming to help people use the password space more effectively, we propose a gameful password creation process. In this paper, we present GamePass, a gamified mechanism that integrates the GUA password creation process. We provide the first evidence that it is possible to nudge people towards better password choices by gamifying the process. GamePass randomly guides participants' attention to areas other than the salient areas of authentication images, makes the password creation process more fun, and makes people more engaged. Gamifying the password creation process enables users to interact better and make less predictable graphical password choices instead of being forced to use a strict password policy.
https://doi.org/10.1145/3411764.3445658
The ACM CHI Conference on Human Factors in Computing Systems (https://chi2021.acm.org/)