
Gamification of Security

I've been thinking a lot recently about the gamification of security: giving people scores for how well they do security. Things like getting an "A+" on the SSL Labs or securityheaders.io tests.

Or working through Google's or Facebook's "Security Checklists" of things like password length and enabling two-factor authentication, where you get a big green tick and a better score for each one you set up. Or password meters that go up with the strength of your password.[1]

I think many people (myself included) will try to get a high score, and by doing so improve their security. One of the slightly creepy books that seems to be popular in Silicon Valley at the moment is Hooked: How to Build Habit-Forming Products.[2] While that book is trying to suck more money out of people playing games like Candy Crush, it does make me think:

What psychological techniques can we use to make people actually want security, rather than feeling like they are having it forced on them?


  1. Sure, sometimes those things are just a check box and they don't stop things like password reuse. But as long as they don't restrict which passwords you can use (e.g. must have a special character), if they encourage most users to make a better password then they are worth having.

  2. I heard about it from Aral Balkan's talk Decentralise Everything. It's not related to gamification, but it's worth watching.

Content on this site is licensed under a Creative Commons Attribution 4.0 International License.