Accessible Requires Authentication Published by Oldenbourg Wissenschaftsverlag January 14, 2020

“Get a Free Item Pack with Every Activation!”

Do Incentives Increase the Adoption Rates of Two-Factor Authentication?

Karoline Busse ORCID logo, Sabrina Amft, Daniel Hecker and Emanuel von Zezschwitz
From the journal i-com

Abstract

Account security is an ongoing issue in practice. Two-Factor Authentication (2FA) is a mechanism which could help mitigate this problem, however adoption is not very high in most domains. Online gaming has adopted an interesting approach to drive adoption: Games offer small rewards such as visual modifications to the player’s avatar’s appearance, if players utilize 2FA. In this paper, we evaluate the effectiveness of these incentives and investigate how they can be applied to non-gaming contexts. We conducted two surveys, one recruiting gamers and one recruiting from a general population. In addition, we conducted three focus group interviews to evaluate various incentive designs for both, the gaming context and the non-gaming context. We found that visual modifications, which are the most popular type of gaming-related incentives, are not as popular in non-gaming contexts. However, our design explorations indicate that well-chosen incentives have the potential to lead to more users adopting 2FA, even outside of the gaming context.

Acknowledgment

We thank all our survey and focus group participants. Thanks to Matthew Smith for valuable feedback and supervision during the early conception of this work.

Portions of the materials used are trademarks and/or copyrighted works of Epic Games, Inc. All rights reserved by Epic. This material is not official and is not endorsed by Epic.

World of Warcraft ©2004 Blizzard Entertainment, Inc. All rights reserved. World of Warcraft, Warcraft and Blizzard Entertainment are trademarks or registered trademarks of Blizzard Entertainment, Inc. in the U.S. and/or other countries.

Appendix A Gaming Survey

Here we present the questionnaire for the first survey that was distributed in online gaming communities. This survey was designed and conducted as part of a student project.

The usage of services in the internet is rising. Historically the user accounts of such services are secured by using a password. To increase the security, two factor authentication (2FA) is used. When 2FA is used, the user needs another information to login. As an example, this could be a code provided via a mobile app or a SMS sent to a specified phone number. In many online games or game services it is feature-wise beneficial for the user to activate 2FA. The goal of this survey is to gather statistical data how the incentives or restrictions have influenced the 2FA adoption rate within the user base. This survey should only take you a few minutes. Thanks in advance for participating!

1. Demographics

Please fill in your age, gender and your current country of residence. free text entry

2. Which services do you use?

  1. Blizzard Battle.net

  2. Discord

  3. Facebook

  4. Guild Wars 2

  5. Nintendo Account

  6. Origin

  7. Playstation Network

  8. Reddit

  9. Slack

  10. Steam

  11. Telegram

  12. Twitter

  13. Wargaming

  14. WhatsApp

  15. XBox Live

  16. I don’t use any services on this list

3. For which services do you have 2FA activated?

Please mark the services you are actively using 2FA for.

  1. Blizzard Battle.net

  2. Discord

  3. Facebook

  4. Guild Wars 2

  5. Nintendo Account

  6. Origin

  7. Playstation Network

  8. Reddit

  9. Slack

  10. Steam

  11. Telegram

  12. Twitter

  13. Wargaming

  14. WhatsApp

  15. XBox Live

  16. Other (free text entry)

  17. I do not have 2FA activated

4. Which methods of 2FA do you use?

  1. SMS

  2. Email

  3. Google Authenticator

  4. Specific app solution, e. g. Blizzard Authenticator

  5. Hardware-Token

  6. Other

  7. I don’t use any 2FA methods

5. How would you rate the following methods of 2FA regarding their convenience?

(7-point Likert scale from not convenient to very conventient with don’t know option)

  1. SMS

  2. Email

  3. Google Authenticator

  4. Specific app solutions, e. g. Blizzard Authenticator

  5. Hardware-Token

6. How would you rate the following methods of 2FA regarding their security?

(7-point Likert scale from not secure to very secure with don’t know option)

  1. SMS

  2. Email

  3. Google Authenticator

  4. Specific app solutions, e. g. Blizzard Authenticator

  5. Hardware-Token

7. Why did you activate 2FA?

Please mark your primary reasons why you have activated 2FA.

  1. Account security

  2. High monetary value is attached to the account

  3. Gameplay advantage, e. g. an exclusive in-game shop

  4. Visual bonus, e. g. an exclusive in-game pet

  5. To circumvent a restriction, e. g. Steams Community Market Trading hold

  6. Other (free text entry)

  7. I do not have 2FA activated

8. If an incentive convinced you to activate 2FA, ..

... how easy was the activation of 2FA? (7-point Likert scale from very hard to very easy with I wasn’t convinced option)

9. If an incentive convinced you to activate 2FA, ..

... how convenient is the usage of 2FA? (7-point Likert scale from not convenient to very convenient with I wasn’t convinced option)

10. How likely is it that you would activate 2FA in the following scenarios?

(7-point Likert scale from not likely to very likely)

  1. You would lose a previously available feature for not activating 2FA (e. g. When Steams Community Market Trading hold was introduced)

  2. You could gain a gameplay advantage for using 2FA (e. g. additional inventory slots, exclusive shop)

  3. You could gain an exclusive visual modification for using 2FA (e. g. companion, special skin)

11. What is the probability of you deactivating 2FA, if you could keep the gained benefit(s)?

(7-point Likert scale from not likely to very likely) Probability of you deactivating 2FA

12. Why would you deactivate 2FA?

Please mark all applicable answers

  1. I don’t like the additional steps required to login

  2. I don’t care about the additional security layer

  3. I think the account is safe enough without 2FA

  4. Other (free text entry)

  5. I would not deactivate it

Appendix B General Population Survey

Here we present the questionnaire for the second survey that was distributed on Amazon MTurk. This survey was designed and conducted as part of a Master’s thesis.

This survey will ask you questions about your online behavior and different security mechanisms as part of a research project at University of Bonn. The results will be used to research and improve existing security mechanisms. Please read the questions carefully and answer honestly. We estimate this will take you 10–15 minutes.

By completing this survey you consent to the collection and evaluation of your answers. This will only be shared as part of our project and only with researchers of University of Bonn. The published results will be anonymized. Leaving the survey without finishing it equals withdrawing your consent, although you can return to finish it as long as the project is not completed.

If you have any questions or feedback regarding this survey please feel free to contact Sabrina Amft, Karoline Busse or Emanuel von Zezschwitz.

Thank you for participating!

1. Age

Please fill in your age. natural number entry

2. Demographics

Please fill in your gender and your current country of residence. free text entry

3. What do understand under the term ‘Valve’?

  1. A metal piece used to block or release a pipe

  2. The company behind a well-known game shop and different video games

  3. A TV Show about metal works

  4. A brand for summer clothing

  5. None of the above

4. Do you enjoy playing video games?

single selection

  1. Yes

  2. No

5. Which kinds of online services do you make use of?

  1. Online-Banking

  2. Backups and Clouds (e. g. Dropbox, Google Drive)

  3. E-Mail (e. g. Gmail)

  4. Social Media (e. g. Facebook, Twitter)

  5. Messaging (e. g. Skype, Whatsapp)

  6. Games (e. g. Battle.net)

  7. Retail (e. g. Amazon, eBay)

  8. Productivity (e. g. Google Docs)

  9. Hosting-Services (e. g. Amazon Web Services)

  10. Other (please specify)

6. Please mark the services you actively use

  1. Amazon

  2. Blizzard Battle.net

  3. Discord

  4. Dropbox

  5. eBay

  6. Facebook

  7. Google Drive

  8. Google Mail

  9. Instagram

  10. Kickstarter

  11. LinkedIn

  12. Nintendo Account

  13. OneDrive

  14. Online-Banking

  15. Origin

  16. Patreon

  17. Paypal

  18. Playstation Network

  19. Reddit

  20. Signal

  21. Skype

  22. Steam

  23. Telegram

  24. Twitch

  25. Twitter

  26. WhatsApp

  27. XBox Live

  28. Yahoo Mail

  29. Youtube

  30. I don’t use any services on this list

  31. Other (please specify)

Two-factor authentication (2FA)

is a security mechanism that requires a second piece of information (a second factor) if someone tries to log into an account. This is used to increase confidence that the person requesting access is really you. Such information is often a single-use code that is communicated via e. g. SMS, e-mail or apps such as Google Authenticator.

7. Do you use two-factor authentication for any of your online accounts?

single selection, participants who answered with No were forwarded to question 15.

  1. Yes

  2. No

  3. I don’t know

8. Do you use two factor authentication (2FA) for the following?

  1. Online-Banking

  2. Backups and Clouds (e. g. Dropbox, Google Drive)

  3. E-Mail (e. g. Gmail)

  4. Social Media (e. g. Facebook, Twitter)

  5. Messaging (e. g. Skype, Whatsapp)

  6. Games (e. g. Battle.net)

  7. Retail (e. g. Amazon, eBay)

  8. Productivity (e. g. Google Docs)

  9. Hosting-Services (e. g. Amazon Web Services)

  10. Other (free text answers from question 5)

  11. Other (please specify)

9. Please mark the services you are actively using 2FA for

Answers are carried over from question 6.

  1. Amazon

  2. Blizzard Battle.net

  3. Discord

  4. Dropbox

  5. eBay

  6. Facebook

  7. Google Drive

  8. Google Mail

  9. Instagram

  10. Kickstarter

  11. LinkedIn

  12. Nintendo Account

  13. OneDrive

  14. Online-Banking

  15. Origin

  16. Patreon

  17. Paypal

  18. Playstation Network

  19. Reddit

  20. Signal

  21. Skype

  22. Steam

  23. Telegram

  24. Twitch

  25. Twitter

  26. WhatsApp

  27. XBox Live

  28. Yahoo Mail

  29. Youtube

  30. I don’t use any services on this list

  31. Other (free text answers from question 6)

  32. Other (please specify)

10. How often do you use the following 2FA methods?

(5-point Likert scale with the options Daily, Weekly, Monthly, Sometimes, I don’t use any 2FA mechanisms)

  1. SMS

  2. E-Mail

  3. Google Authenticator

  4. Specific app solutions, e. g. Blizzard Authenticator

  5. Hardware token e. g. a SmartCard or Yubikey

11. How would you rate the following methods of 2FA regarding their convenience?

(5-point Likert scale from very convenient to not convenient with I don’t know option)

  1. SMS

  2. E-Mail

  3. Google Authenticator

  4. Specific app solutions, e. g. Blizzard Authenticator

  5. Hardware token e. g. a SmartCard or Yubikey

12. If you perceived the convenience of one or more methods to be low, please tell us why

free text entry

13. How would you rate the following methods of 2FA regarding their security?

(5-point Likert scale from very secure to not secure with I don’t know option)

  1. SMS

  2. E-Mail

  3. Google Authenticator

  4. Specific app solutions, e. g. Blizzard Authenticator

  5. Hardware token e. g. a SmartCard or Yubikey

14. If you perceived the security of one or more methods to be low, please tell us why

free text entry

15. What is the primary reason why you would activate 2FA?

single selection

  1. Account security

  2. High monetary value is attached to the account

  3. Functional advantage, e. g. new or enhanced features

  4. Visual bonus, e. g. a sticker set or an exclusive in-game pet

  5. To circumvent a restriction

  6. I don’t use 2FA

  7. Other (please specify)

16. If an incentive convinced you to activate 2FA, …

... how easy was the activation of 2FA? (5-point Likert scale from very to not at all with I don’t know option)

... how convenient is the usage of 2FA? (5-point Likert scale from very to not at all with I don’t know option)

17. How likely is it that you would activate 2FA in the following scenarios?

(5-point Likert scale from very likely to not likely with I don’t know option)first part of the question, item order was randomized

  1. You could gain a functional advantage for using 2FA (e. g. new features, exclusive shop)

  2. You are offered a sticker set for your favorite social media/messenger

  3. Posts including media (e. g. pictures) are kept on hold until reviewed by a moderator if 2FA is not activated

  4. You receive a small physical gift as a thank-you (e. g. keychain of your choice)

  5. You would lose a previously available feature (e. g. posting status updates, exclusive sales)

  6. You could gain a gameplay advantage for video games such as World of Warcraft (e. g. additional inventory slots, exclusive shop)

18. How likely is it that you would activate 2FA in the following scenarios?

(5-point Likert scale from very likely to not likely with I don’t know option) second part of the question, item order was randomized

  1. Please choose “very likely” for this question to let us know you’re still paying attention.

  2. You could gain an exclusive visual modification for using 2FA (e. g. a pet or costume for video game characters)

  3. You are offered a special offer (e. g. small permanent discount)

  4. It is not possible to access or interact with certain profiles if you do not activate 2FA

  5. You receive a one time bonus payment for using 2FA.

19. What is the probability of you deactivating 2FA, if you could keep the gained benefit(s) from activating it?

(5-point Likert scale from very high to very low)

20. What is the probability of you keeping 2FA active if otherwise you would loose the gained benefit(s) from activating it?

(5-point Likert scale from very high to very low)

21. Why would you deactivate 2FA?

  1. I don’t like the additional steps required to login

  2. I don’t think that 2FA will help increase the security of my account

  3. I don’t need additional security mechanisms

  4. I would not deactivate it

  5. It’s not working properly for me (e. g. delays with code delivery)

  6. Other (please specify)

22. Do you have any further remarks about this study or its topic?

free text entry

23. Please enter the following code in Amazon MTurk to help us verify that you completed the survey

a code was shown Yes, I copied the code to MTurk.

Thank you for completing this survey! Your answers were transmitted, you may close the browser window or tab now.

References

[1] Anne Adams, Martina Angela Sasse, and Peter Lunt. 1997. Making passwords secure and usable. In People and Computers XII. Springer, London, 1–19. DOI: http://dx.doi.org/10.1007/978-1-4471-3601-9_1. Search in Google Scholar

[2] Ashton Anderson, Daniel Huttenlocher, Jon Kleinberg, and Jure Leskovec. 2013. Steering user behavior with badges. In Proceedings of the 22nd international conference on World Wide Web. ACM, New York, NY, USA, 95–106. DOI: http://dx.doi.org/10.1145/2488388.2488398. Search in Google Scholar

[3] ArenaNet. 2012. Guild Wars 2. Game [PC]. (28 August 2012). Search in Google Scholar

[4] Gabriel Barata, Sandra Gama, Joaquim Jorge, and Daniel Gonçalves. 2013. Engaging engineering students with gamification. In 5th International Conference on Games and Virtual Worlds for Serious Applications (VS-GAMES). IEEE, New York, NY, USA, 1–8. DOI: http://dx.doi.org/10.1109/VS-GAMES.2013.6624228. Search in Google Scholar

[5] Kathy Baxter, Catherine Courage, and Kelly Caine. 2015. Understanding your Users (second ed.). Morgan Kaufmann, Boston. DOI: http://dx.doi.org/10.1016/B978-0-12-800232-2.09988-0. Search in Google Scholar

[6] Alastair R Beresford, Dorothea Kübler, and Sören Preibusch. 2012. Unwillingness to pay for privacy: A field experiment. Economics Letters 117, 1, 25–27. DOI: http://dx.doi.org/10.1016/j.econlet.2012.04.077. Search in Google Scholar

[7] BioWare Austin. 2011. Star Wars: The Old Republic. Game [PC]. (20 December 2011). Search in Google Scholar

[8] Blizzard Entertainment. 2004. World of Warcraft. Game [PC]. (23 November 2004). Search in Google Scholar

[9] Blizzard Entertainment. 2018. Upgrade Your Account Security and Gain a Backpack Upgrade. (19 January 2018). https://worldofwarcraft.com/en-gb/news/21366969/upgrade-your-account-security-and-gain-a-backpack-upgrade, last accessed 2019-04-08. Search in Google Scholar

[10] Carbine Studios. 2014. WildStar. Game [PC]. (3 June 2014). Search in Google Scholar

[11] Jessica Colnago, Summer Devlin, Maggie Oates, Chelse Swoopes, Lujo Bauer, Lorrie Cranor, and Nicolas Christin. 2018. “It’s not actually that horrible”: Exploring Adoption of Two-Factor Authentication at a University. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems. ACM, New York, NY, USA, 456. DOI: http://dx.doi.org/10.1145/3173574.3174030. Search in Google Scholar

[12] Dan Cvrcek, Marek Kumpost, Vashek Matyas, and George Danezis. 2006. A Study on the Value of Location Privacy. In Proceedings of the 5th ACM Workshop on Privacy in Electronic Society (WPES ’06). ACM, New York, NY, USA, 109–118. DOI: http://dx.doi.org/10.1145/1179601.1179621. Search in Google Scholar

[13] Adrian Dabrowski, Markus Kammerstetter, Eduard Thamm, Edgar Weippl, and Wolfgang Kastner. 2015. Leveraging Competitive Gamification for Sustainable Fun and Profit in Security Education. In 2015 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 15). USENIX Association, Washington, D.C., 1–8. https://www.usenix.org/conference/3gse15/summit-program/presentation/dabrowski. Search in Google Scholar

[14] Emiliano De Cristofaro, Honglu Du, Julien Freudiger, and Greg Norcie. 2013. A comparative usability study of two-factor authentication. CoRR arxiv.org/abs/1309.5344. Search in Google Scholar

[15] Sebastian Deterding, Dan Dixon, Rilla Khaled, and Lennart Nacke. 2011. From Game Design Elements to Gamefulness: Defining “Gamification”. In Proceedings of the 15th International Academic MindTrek Conference: Envisioning Future Media Environments (MindTrek ’11). ACM, New York, NY, USA, 9–15. DOI: http://dx.doi.org/10.1145/2181037.2181040. Search in Google Scholar

[16] William Dudley. 2017. Rollback! The United States NIST NO LONGER recommends “Deprecating SMS for 2FA”. (6 July 2017). https://blogs.sap.com/2017/07/06/rollback-the-united-states-nist-no-longer-recommends-deprecating-sms-for-2fa/, last accessed 2019-03-27. Search in Google Scholar

[17] EA Sports. 2015. FIFA 16 Ultimate Team - Login Verification. (23 October 2015). https://www.easports.com/uk/fifa/ultimate-team/news/2015/login-verification, last accessed 2019-03-12. Search in Google Scholar

[18] Epic Games. 2017. Fortnite. Game [PC, Switch, Playstation 4, Xbox One, iOS, Android]. (25 July 2017). Search in Google Scholar

[19] Epic Games. 2018. Protect Your Account! Enable 2FA. (23 August 2018). https://www.epicgames.com/fortnite/en-US/news/2fa, last accessed 2019-04-08. Search in Google Scholar

[20] Guillermo Francia III, David Thornton, Monica Trifas, and Timothy Bowden. 2014. Gamification of information security awareness training. In Emerging Trends in ICT Security. Elsevier, Amsterdam, 85–97. Search in Google Scholar

[21] Gamer2Gamer Corp. 2019. g2g.com – About Us. (2019). http://corp.g2g.com/about-us-in-general/, last accessed 2019-04-10. Search in Google Scholar

[22] Jens Grossklags and Alessandro Acquisti. 2007. When 25 Cents is Too Much: An Experiment on Willingness-To-Sell and Willingness-To-Protect Personal Information. In 6th Annual Workshop on the Economics of Information Security, WEIS 2007, The Heinz School and CyLab at Carnegie Mellon University, Pittsburgh, PA, USA, June 7–8, 2007. http://weis2007.econinfosec.org/papers/66.pdf. Search in Google Scholar

[23] Nancie Gunson, Diarmid Marshall, Hazel Morton, and Mervyn Jack. 2011. User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking. Computers & Security 30, 4, 208–220. DOI: http://dx.doi.org/10.1016/j.cose.2010.12.001. Search in Google Scholar

[24] Sharwan Kumar Joram, Grzegorz Pelechaty, Pawan Kumar Chauhan, and Srikanth Vittal. 2009. Multiple factor user authentication system. (March 5 2009). US Patent App. 11/846,965. Search in Google Scholar

[25] Patrick Gage Kelley, Saranga Komanduri, Michelle L Mazurek, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Julio Lopez. 2012. Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. In 2012 IEEE Symposium on Security and Privacy, SP. IEEE, New York, NY, USA, 523–537. DOI: http://dx.doi.org/10.1109/SP.2012.38. Search in Google Scholar

[26] Hanna Krasnova, Natasha F Veltri, and Oliver Günther. 2012. Self-disclosure and privacy calculus on social networking sites: The role of culture. Business & Information Systems Engineering 4, 3, 127–135. DOI: http://dx.doi.org/10.1007/s12599-012-0216-6. Search in Google Scholar

[27] Kat Krol, Eleni Philippou, Emiliano De Cristofaro, and M Angela Sasse. 2015. “They brought in the horrible key ring thing!” Analysing the Usability of Two-Factor Authentication in UK Online Banking. CoRR. http://arxiv.org/abs/1501.04434. Search in Google Scholar

[28] Katharina Krombholz, Karoline Busse, Katharina Pfeffer, Matthew Smith, and Emanuel von Zezschwitz. 2019. “If HTTPS Were Secure, I Wouldn’t Need 2FA” – End User and Administrator Mental Models of HTTPS. In 2019 IEEE Symposium on Security and Privacy, SP. IEEE, New York, NY, USA, 246–263. DOI: http://dx.doi.org/10.1109/SP.2019.00060. Search in Google Scholar

[29] Vili Lehdonvirta, Terhi-Anna Wilska, and Mikael Johnson. 2009. Virtual consumerism: case habbo hotel. Information, communication & society 12, 7, 1059–1079. DOI: http://dx.doi.org/10.1080/13691180802587813. Search in Google Scholar

[30] Martin C. Libicki, Edward Balkovich, Brian A. Jackson, Rena Rudavsky, and Katharine Watkins Webb. 2011. Influences on the Adoption of Multifactor Authentication. Search in Google Scholar

[31] Angela Marrujo. 2018. Fraud is taking the fun out of video games: scams, spam & account takeovers. (7 June 2018). https://venturebeat.com/2018/06/07/fraud-is-taking-the-fun-out-of-video-games-scams-spam-account-takeovers/, last accessed 2019-01-04. Search in Google Scholar

[32] Dennis Mirante and Justin Cappos. 2013. Understanding password database compromises. Dept. of Computer Science and Engineering Polytechnic Inst. of NYU, Tech. Rep. TR-CSE-2013-02. Search in Google Scholar

[33] MMO Games. 2015. Guild Wars 2: Free Mini Mystical Dragon Now Available. (28 July 2015). https://www.mmogames.com/gamenews/guild-wars-2-free-mini-mystical-dragon-now-available/, last accessed 2019-04-08. Search in Google Scholar

[34] Reza M Parizi, Ali Dehghantanha, Kim-Kwang Raymond Choo, Mohammad Hammoudeh, and Gregory Epiphaniou. 2019. Security in online games: Current implementations and challenges. In Handbook of Big Data and IoT Security. Springer Nature, Cham, 367–384. DOI: http://dx.doi.org/10.1007/978-3-030-10543-3_16. Search in Google Scholar

[35] Steve Sheng, Bryant Magnien, Ponnurangam Kumaraguru, Alessandro Acquisti, Lorrie Faith Cranor, Jason Hong, and Elizabeth Nunge. 2007. Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People Not to Fall for Phish. In Proceedings of the 3rd Symposium on Usable Privacy and Security (SOUPS ’07). ACM, New York, NY, USA, 88–99. DOI: http://dx.doi.org/10.1145/1280680.1280692. Search in Google Scholar

[36] M. Toorani and A. Beheshti. 2008. Solutions to the GSM Security Weaknesses. In 2008 The Second International Conference on Next Generation Mobile Applications, Services, and Technologies. IEEE, New York, NY, USA, 576–581. DOI: http://dx.doi.org/10.1109/NGMAST.2008.88. Search in Google Scholar

[37] Trend Micro. 2015. Data Privacy and Online Gaming: Why Gamers Make for Ideal Targets. (29 January 2015). https://www.trendmicro.com/vinfo/us/security/news/online-privacy/data-privacy-and-online-gaming-why-gamers-make-for-ideal-targets, last accessed 2019-01-04. Search in Google Scholar

[38] Ubisoft. 2018. 2 Step Verification Ranked Lock Update for PC. (27 November 2018). https://rainbow6.ubisoft.com/siege/en-gb/news/detail.aspx?c=tcm:154-340676-16&ct=tcm:154-76770-32, last accessed 2019-04-08. Search in Google Scholar

[39] Ubisoft Montreal, Ubisoft Kiev, Ubisoft Toronto, and Ubisoft Barcelona. 2015. Tom Clancy’s Rainbow Six Siege. Game [PC, Playstation 4, Xbox One]. (1 December 2015). Search in Google Scholar

[40] Valve. 2017. Steam Trade and Market Holds. (23 October 2017). https://support.steampowered.com/kb_article.php?ref=8078-TPHC-6195, last accessed 2019-04-09. Search in Google Scholar

[41] Riley Walters. 2014. Cyber attacks on US companies in 2014. The Heritage Foundation 4289 (2014), 1–5. Search in Google Scholar

[42] Jake Weidman and Jens Grossklags. 2017. I like it, but i hate it: Employee perceptions towards an institutional transition to BYOD second-factor authentication. In Proceedings of the 33rd Annual Computer Security Applications Conference. ACM, New York, NY, USA, 212–224. DOI: http://dx.doi.org/10.1145/3134600.3134629. Search in Google Scholar

[43] Catherine S. Weir, Gary Douglas, Mervyn Jack, and Tim Richardson. 2009. Usable security: User preferences for authentication methods in eBanking and the effects of experience. Interacting with Computers 22, 3, 153–164. DOI: http://dx.doi.org/10.1016/j.intcom.2009.10.001. Search in Google Scholar

[44] Zikai Alex Wen, Yiming Li, Reid Wade, Jeffrey Huang, and Amy Wang. 2017. What.Hack: Learn Phishing Email Defence the Fun Way. In Proceedings of the 2017 CHI Conference Extended Abstracts on Human Factors in Computing Systems (CHI EA ’17). ACM, New York, NY, USA, 234–237. DOI: http://dx.doi.org/10.1145/3027063.3048412. Search in Google Scholar

[45] Zack Zwiezen. 2019. Earn Free Money And Gold In GTA Online and Red Dead Online By Activating Two-Step Verification. (19 March 2019). https://kotaku.com/earn-free-money-and-gold-in-gta-online-and-red-dead-onl-1833178166, last accessed 2019-04-08. Search in Google Scholar

[46] Rui Zhou, Jasmine Hentschel, and Neha Kumar. 2017. Goodbye text, hello emoji: mobile communication on wechat in China. In Proceedings of the 2017 CHI conference on human factors in computing systems. ACM, New York, NY, USA, 748–759. DOI: http://dx.doi.org/10.1145/3025453.3025800. Search in Google Scholar

Published Online: 2020-01-14
Published in Print: 2019-11-18

© 2019 Walter de Gruyter GmbH, Berlin/Boston