Gamifying Authentication

Kroeze and Olivier


Citation information

C. J. Kroeze and M. S. Olivier. “Gamifying Authentication”. In: Information Security for South Africa (ISSA), 2012. IEEE, Aug. 2012, pp. 1–8


The fields of security and usability often conflict with each other. Security focuses on making systems difficult for attackers to compromise. However, doing this also increases difficulty for the user. Users in security are often seen as an obstacle - they are the weakest point of the system, willing to circumvent security policies in order to access their work faster. A large part of security is authentication: knowing who a user of a system is and denying access to unauthenticated users. Authentication is very often the starting point of user interaction with security systems. Unfortunately, authentication is still most commonly achieved using text-based passwords. This is often the easiest and cheapest system to implement. Most websites and services advise users to select unique, complex and lengthy passwords. These passwords are difficult for users to remember and often lead to irresponsible behaviour such as writing down or reusing passwords. Serious games are games that are designed for a different primary purpose than pure entertainment. This field includes gamification, where non-gaming contexts are enhanced by using principles from gaming. Examples include experience points, achievements, progress indicators and leader boards. Gamification uses these tools to persuade users to change their behaviour. If gamification can be applied to security, it may aid in convincing users to act more securely. This paper discusses the possibilities of applying gamification to authentication as a new approach to usability and security.

Full text

A pre- or postprint of the publication is available at

Definitive version

The definitive version of the paper is available from the publisher.
DOI: 10.1109/ISSA.2012.6320439

BibTeX reference

author={Chistien J Kroeze and Martin S Olivier},
title={Gamifying Authentication},
booktitle={Information Security for South Africa (ISSA), 2012},
conferenceLocation={Johannesburg, Gauteng, South Africa},
dateOfCurrentVersion={04 October 2012},
IssueDate = {15-17 Aug. 2012},

[Publications] [Home]
Page maintained by Martin Olivier
Record refreshed: October 31, 2019

Beta version of new bibliography database; please report errors (or copyright violations) that may have slipped in.