Been on a blogging lull - have a growing list of things to talk about, but been busy on a few fun projects (more on those in coming days!).
This, though, had a good dose of originality, so I thought I would share - Naked Password
In short, the idea is that as a user types a candidate password, each increase in its complexity removes another piece of clothing from an illustrated character. It's fun (for most of us...), educational (in more ways than one, for the rest of you), not politically correct (always a plus) and...something the security industry needs more of.
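The mechanism underneath a meter like this is ordinary: score the password as it is typed and map the score to a handful of discrete feedback levels, which the UI then renders however it likes. The block below is an added example of that scoring step, written for this post; it is not Naked Password's own code, and the character-pool entropy estimate, the pattern penalties, the tiny wordlist and the level thresholds are all assumptions chosen for illustration.

```javascript
// Added example (not the Naked Password plugin's code): a client-side
// password strength scorer that yields progressive feedback levels as the
// user types. Scoring rules, thresholds and the wordlist are assumptions.

// Constructed sample wordlist; a real meter would use a much larger one.
const COMMON = new Set(["password", "123456", "qwerty", "letmein", "welcome"]);

// Feedback levels, lowest to highest. A UI such as Naked Password would map
// each level to a frame of the character; here they are just labels.
const LEVELS = ["very weak", "weak", "fair", "strong", "very strong"];

// Crude entropy estimate: size of the character pool the password draws
// from, raised to its length, expressed in bits. Then penalise structure that
// an attacker's wordlist and mangling rules cover cheaply.
function estimateBits(password) {
  if (!password) return 0;
  let pool = 0;
  if (/[a-z]/.test(password)) pool += 26;
  if (/[A-Z]/.test(password)) pool += 26;
  if (/[0-9]/.test(password)) pool += 10;
  if (/[^a-zA-Z0-9]/.test(password)) pool += 33; // printable ASCII symbols/space

  let bits = password.length * Math.log2(pool);
  const lower = password.toLowerCase();

  if (/^(.)\1+$/.test(password)) bits *= 0.25;                 // "aaaaaaaa"
  if (/^(?:0123|1234|2345|3456|4567|5678|6789|abcd|qwer)/.test(lower)) bits *= 0.5;
  if (/^[a-z]+\d{1,4}$/i.test(password)) bits *= 0.6;          // "Word1234"
  if (COMMON.has(lower)) bits = 0;                              // wordlist hit
  return bits;
}

// Map the estimate onto the discrete feedback levels (thresholds assumed).
function strengthLevel(password) {
  const bits = estimateBits(password);
  if (bits < 28) return 0;
  if (bits < 40) return 1;
  if (bits < 56) return 2;
  if (bits < 70) return 3;
  return 4;
}

// The per-keystroke view: the level after each prefix of the password, which
// is what a progressive-feedback widget re-renders on every key event.
function progression(password) {
  return Array.from({ length: password.length }, (_, i) =>
    strengthLevel(password.slice(0, i + 1))
  );
}

// Stand-alone demo on constructed inputs.
for (const p of ["password", "Password1", "Tr0ub4dor&3", "correct horse battery staple"]) {
  console.log(JSON.stringify(p), "->", LEVELS[strengthLevel(p)]);
}
console.log("progression:", progression("Tr0ub4dor&3").join(" "));
```

In a page you would call `strengthLevel` from the password field's `input` or `keyup` handler and swap the displayed image by level. Whatever the widget shows, it is feedback only: the meter runs in the user's browser and can be bypassed, so the actual password policy, the wordlist check and the hashing still have to be enforced server-side.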
Usually, to get humans to do what you want, you make it interesting for them - through payment, humor, gunpoint, or various other means. We can educate users about secure practices, but until it's interesting to them, it's not going to stick. We can buy the latest cloud-based DLP systems with multi-factor auth and every buzzword we can throw at them - but if we don't engage the end user, it's all for naught. I'm tempted to use the phrase "gamification" here; I know it's not the best fit, but it gets the point across. With the newer (gamified) technology currently luring users' attention, expecting the user to jump through our hoops of complexity is just our latest form of pipe-dreaming. Our policies are a road-block to their fun, something they must navigate as quickly as possible so they can return to the latest social game on the personal smartphone you have no control over.
I don't have the complete answer yet, but Naked Password is a good example of what I think is the right direction to be moving. Obviously, transparent security is the best answer, but until we figure that out, we need people to play our game with us.
(image taken from Naked Password's site - www.nakedpassword.com)