{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T11:49:26Z","timestamp":1740138566179,"version":"3.37.3"},"reference-count":46,"publisher":"Walter de Gruyter GmbH","issue":"3","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019,11,18]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>Account security is an ongoing issue in practice. Two-Factor Authentication (2FA) is a mechanism which could help mitigate this problem, however adoption is not very high in most domains. Online gaming has adopted an interesting approach to drive adoption: Games offer small rewards such as visual modifications to the player\u2019s avatar\u2019s appearance, if players utilize 2FA. In this paper, we evaluate the effectiveness of these incentives and investigate how they can be applied to non-gaming contexts. We conducted two surveys, one recruiting gamers and one recruiting from a general population. In addition, we conducted three focus group interviews to evaluate various incentive designs for both, the gaming context and the non-gaming context. We found that visual modifications, which are the most popular type of gaming-related incentives, are not as popular in non-gaming contexts. However, our design explorations indicate that well-chosen incentives have the potential to lead to more users adopting 2FA, even outside of the gaming context.<\/jats:p>","DOI":"10.1515\/icom-2019-0012","type":"journal-article","created":{"date-parts":[[2020,1,14]],"date-time":"2020-01-14T09:01:57Z","timestamp":1578992517000},"page":"217-236","source":"Crossref","is-referenced-by-count":0,"title":["\u201cGet a Free Item Pack with Every Activation!\u201d"],"prefix":"10.1515","volume":"18","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-4484-7639","authenticated-orcid":false,"given":"Karoline","family":"Busse","sequence":"first","affiliation":[{"name":"9374 University of Bonn , Bonn , Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sabrina","family":"Amft","sequence":"additional","affiliation":[{"name":"26555 Leibniz University Hannover , Hannover , Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniel","family":"Hecker","sequence":"additional","affiliation":[{"name":"9374 University of Bonn , Bonn , Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Emanuel","family":"von Zezschwitz","sequence":"additional","affiliation":[{"name":"9374 University of Bonn , Bonn , Germany"},{"name":"Fraunhofer FKIE , Bonn , Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"374","published-online":{"date-parts":[[2020,1,14]]},"reference":[{"key":"2023033119042590700_j_icom-2019-0012_ref_001","doi-asserted-by":"crossref","unstructured":"Anne Adams, Martina Angela Sasse, and Peter Lunt. 1997. Making passwords secure and usable. In People and Computers XII. Springer, London, 1\u201319. DOI: http:\/\/dx.doi.org\/10.1007\/978-1-4471-3601-9_1.","DOI":"10.1007\/978-1-4471-3601-9_1"},{"key":"2023033119042590700_j_icom-2019-0012_ref_002","doi-asserted-by":"crossref","unstructured":"Ashton Anderson, Daniel Huttenlocher, Jon Kleinberg, and Jure Leskovec. 2013. Steering user behavior with badges. In Proceedings of the 22nd international conference on World Wide Web. ACM, New York, NY, USA, 95\u2013106. DOI: http:\/\/dx.doi.org\/10.1145\/2488388.2488398.","DOI":"10.1145\/2488388.2488398"},{"key":"2023033119042590700_j_icom-2019-0012_ref_003","unstructured":"ArenaNet. 2012. Guild Wars 2. Game [PC]. (28 August 2012)."},{"key":"2023033119042590700_j_icom-2019-0012_ref_004","doi-asserted-by":"crossref","unstructured":"Gabriel Barata, Sandra Gama, Joaquim Jorge, and Daniel Gon\u00e7alves. 2013. Engaging engineering students with gamification. In 5th International Conference on Games and Virtual Worlds for Serious Applications (VS-GAMES). IEEE, New York, NY, USA, 1\u20138. DOI: http:\/\/dx.doi.org\/10.1109\/VS-GAMES.2013.6624228.","DOI":"10.1109\/VS-GAMES.2013.6624228"},{"key":"2023033119042590700_j_icom-2019-0012_ref_005","doi-asserted-by":"crossref","unstructured":"Kathy Baxter, Catherine Courage, and Kelly Caine. 2015. Understanding your Users (second ed.). Morgan Kaufmann, Boston. DOI: http:\/\/dx.doi.org\/10.1016\/B978-0-12-800232-2.09988-0.","DOI":"10.1016\/B978-0-12-800232-2.09988-0"},{"key":"2023033119042590700_j_icom-2019-0012_ref_006","doi-asserted-by":"crossref","unstructured":"Alastair\u2009R Beresford, Dorothea K\u00fcbler, and S\u00f6ren Preibusch. 2012. Unwillingness to pay for privacy: A field experiment. Economics Letters 117, 1, 25\u201327. DOI: http:\/\/dx.doi.org\/10.1016\/j.econlet.2012.04.077.","DOI":"10.1016\/j.econlet.2012.04.077"},{"key":"2023033119042590700_j_icom-2019-0012_ref_007","unstructured":"BioWare Austin. 2011. Star Wars: The Old Republic. Game [PC]. (20 December 2011)."},{"key":"2023033119042590700_j_icom-2019-0012_ref_008","unstructured":"Blizzard Entertainment. 2004. World of Warcraft. Game [PC]. (23 November 2004)."},{"key":"2023033119042590700_j_icom-2019-0012_ref_009","unstructured":"Blizzard Entertainment. 2018. Upgrade Your Account Security and Gain a Backpack Upgrade. (19 January 2018). https:\/\/worldofwarcraft.com\/en-gb\/news\/21366969\/upgrade-your-account-security-and-gain-a-backpack-upgrade, last accessed 2019-04-08."},{"key":"2023033119042590700_j_icom-2019-0012_ref_010","unstructured":"Carbine Studios. 2014. WildStar. Game [PC]. (3 June 2014)."},{"key":"2023033119042590700_j_icom-2019-0012_ref_011","doi-asserted-by":"crossref","unstructured":"Jessica Colnago, Summer Devlin, Maggie Oates, Chelse Swoopes, Lujo Bauer, Lorrie Cranor, and Nicolas Christin. 2018. \u201cIt\u2019s not actually that horrible\u201d: Exploring Adoption of Two-Factor Authentication at a University. In Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems. ACM, New York, NY, USA, 456. DOI: http:\/\/dx.doi.org\/10.1145\/3173574.3174030.","DOI":"10.1145\/3173574.3174030"},{"key":"2023033119042590700_j_icom-2019-0012_ref_012","doi-asserted-by":"crossref","unstructured":"Dan Cvrcek, Marek Kumpost, Vashek Matyas, and George Danezis. 2006. A Study on the Value of Location Privacy. In Proceedings of the 5th ACM Workshop on Privacy in Electronic Society (WPES \u201906). ACM, New York, NY, USA, 109\u2013118. DOI: http:\/\/dx.doi.org\/10.1145\/1179601.1179621.","DOI":"10.1145\/1179601.1179621"},{"key":"2023033119042590700_j_icom-2019-0012_ref_013","unstructured":"Adrian Dabrowski, Markus Kammerstetter, Eduard Thamm, Edgar Weippl, and Wolfgang Kastner. 2015. Leveraging Competitive Gamification for Sustainable Fun and Profit in Security Education. In 2015 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 15). USENIX Association, Washington, D.C., 1\u20138. https:\/\/www.usenix.org\/conference\/3gse15\/summit-program\/presentation\/dabrowski."},{"key":"2023033119042590700_j_icom-2019-0012_ref_014","doi-asserted-by":"crossref","unstructured":"Emiliano De Cristofaro, Honglu Du, Julien Freudiger, and Greg Norcie. 2013. A comparative usability study of two-factor authentication. CoRR arxiv.org\/abs\/1309.5344.","DOI":"10.14722\/usec.2014.23025"},{"key":"2023033119042590700_j_icom-2019-0012_ref_015","doi-asserted-by":"crossref","unstructured":"Sebastian Deterding, Dan Dixon, Rilla Khaled, and Lennart Nacke. 2011. From Game Design Elements to Gamefulness: Defining \u201cGamification\u201d. In Proceedings of the 15th International Academic MindTrek Conference: Envisioning Future Media Environments (MindTrek \u201911). ACM, New York, NY, USA, 9\u201315. DOI: http:\/\/dx.doi.org\/10.1145\/2181037.2181040.","DOI":"10.1145\/2181037.2181040"},{"key":"2023033119042590700_j_icom-2019-0012_ref_016","unstructured":"William Dudley. 2017. Rollback! The United States NIST NO LONGER recommends \u201cDeprecating SMS for 2FA\u201d. (6 July 2017). https:\/\/blogs.sap.com\/2017\/07\/06\/rollback-the-united-states-nist-no-longer-recommends-deprecating-sms-for-2fa\/, last accessed 2019-03-27."},{"key":"2023033119042590700_j_icom-2019-0012_ref_017","unstructured":"EA Sports. 2015. FIFA 16 Ultimate Team - Login Verification. (23 October 2015). https:\/\/www.easports.com\/uk\/fifa\/ultimate-team\/news\/2015\/login-verification, last accessed 2019-03-12."},{"key":"2023033119042590700_j_icom-2019-0012_ref_018","unstructured":"Epic Games. 2017. Fortnite. Game [PC, Switch, Playstation 4, Xbox One, iOS, Android]. (25 July 2017)."},{"key":"2023033119042590700_j_icom-2019-0012_ref_019","unstructured":"Epic Games. 2018. Protect Your Account! Enable 2FA. (23 August 2018). https:\/\/www.epicgames.com\/fortnite\/en-US\/news\/2fa, last accessed 2019-04-08."},{"key":"2023033119042590700_j_icom-2019-0012_ref_020","doi-asserted-by":"crossref","unstructured":"Guillermo Francia III, David Thornton, Monica Trifas, and Timothy Bowden. 2014. Gamification of information security awareness training. In Emerging Trends in ICT Security. Elsevier, Amsterdam, 85\u201397.","DOI":"10.1016\/B978-0-12-411474-6.00005-0"},{"key":"2023033119042590700_j_icom-2019-0012_ref_021","unstructured":"Gamer2Gamer Corp. 2019. g2g.com \u2013 About Us. (2019). http:\/\/corp.g2g.com\/about-us-in-general\/, last accessed 2019-04-10."},{"key":"2023033119042590700_j_icom-2019-0012_ref_022","unstructured":"Jens Grossklags and Alessandro Acquisti. 2007. When 25 Cents is Too Much: An Experiment on Willingness-To-Sell and Willingness-To-Protect Personal Information. In 6th Annual Workshop on the Economics of Information Security, WEIS 2007, The Heinz School and CyLab at Carnegie Mellon University, Pittsburgh, PA, USA, June 7\u20138, 2007. http:\/\/weis2007.econinfosec.org\/papers\/66.pdf."},{"key":"2023033119042590700_j_icom-2019-0012_ref_023","doi-asserted-by":"crossref","unstructured":"Nancie Gunson, Diarmid Marshall, Hazel Morton, and Mervyn Jack. 2011. User perceptions of security and usability of single-factor and two-factor authentication in automated telephone banking. Computers & Security 30, 4, 208\u2013220. DOI: http:\/\/dx.doi.org\/10.1016\/j.cose.2010.12.001.","DOI":"10.1016\/j.cose.2010.12.001"},{"key":"2023033119042590700_j_icom-2019-0012_ref_024","unstructured":"Sharwan Kumar Joram, Grzegorz Pelechaty, Pawan Kumar Chauhan, and Srikanth Vittal. 2009. Multiple factor user authentication system. (March 5 2009). US Patent App. 11\/846,965."},{"key":"2023033119042590700_j_icom-2019-0012_ref_025","doi-asserted-by":"crossref","unstructured":"Patrick Gage Kelley, Saranga Komanduri, Michelle L Mazurek, Richard Shay, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, and Julio Lopez. 2012. Guess again (and again and again): Measuring password strength by simulating password-cracking algorithms. In 2012 IEEE Symposium on Security and Privacy, SP. IEEE, New York, NY, USA, 523\u2013537. DOI: http:\/\/dx.doi.org\/10.1109\/SP.2012.38.","DOI":"10.1109\/SP.2012.38"},{"key":"2023033119042590700_j_icom-2019-0012_ref_026","doi-asserted-by":"crossref","unstructured":"Hanna Krasnova, Natasha F Veltri, and Oliver G\u00fcnther. 2012. Self-disclosure and privacy calculus on social networking sites: The role of culture. Business & Information Systems Engineering 4, 3, 127\u2013135. DOI: http:\/\/dx.doi.org\/10.1007\/s12599-012-0216-6.","DOI":"10.1007\/s12599-012-0216-6"},{"key":"2023033119042590700_j_icom-2019-0012_ref_027","doi-asserted-by":"crossref","unstructured":"Kat Krol, Eleni Philippou, Emiliano De Cristofaro, and M Angela Sasse. 2015. \u201cThey brought in the horrible key ring thing!\u201d Analysing the Usability of Two-Factor Authentication in UK Online Banking. CoRR. http:\/\/arxiv.org\/abs\/1501.04434.","DOI":"10.14722\/usec.2015.23001"},{"key":"2023033119042590700_j_icom-2019-0012_ref_028","doi-asserted-by":"crossref","unstructured":"Katharina Krombholz, Karoline Busse, Katharina Pfeffer, Matthew Smith, and Emanuel von Zezschwitz. 2019. \u201cIf HTTPS Were Secure, I Wouldn\u2019t Need 2FA\u201d \u2013 End User and Administrator Mental Models of HTTPS. In 2019 IEEE Symposium on Security and Privacy, SP. IEEE, New York, NY, USA, 246\u2013263. DOI: http:\/\/dx.doi.org\/10.1109\/SP.2019.00060.","DOI":"10.1109\/SP.2019.00060"},{"key":"2023033119042590700_j_icom-2019-0012_ref_029","doi-asserted-by":"crossref","unstructured":"Vili Lehdonvirta, Terhi-Anna Wilska, and Mikael Johnson. 2009. Virtual consumerism: case habbo hotel. Information, communication & society 12, 7, 1059\u20131079. DOI: http:\/\/dx.doi.org\/10.1080\/13691180802587813.","DOI":"10.1080\/13691180802587813"},{"key":"2023033119042590700_j_icom-2019-0012_ref_030","unstructured":"Martin C. Libicki, Edward Balkovich, Brian A. Jackson, Rena Rudavsky, and Katharine Watkins Webb. 2011. Influences on the Adoption of Multifactor Authentication."},{"key":"2023033119042590700_j_icom-2019-0012_ref_031","unstructured":"Angela Marrujo. 2018. Fraud is taking the fun out of video games: scams, spam & account takeovers. (7 June 2018). https:\/\/venturebeat.com\/2018\/06\/07\/fraud-is-taking-the-fun-out-of-video-games-scams-spam-account-takeovers\/, last accessed 2019-01-04."},{"key":"2023033119042590700_j_icom-2019-0012_ref_032","unstructured":"Dennis Mirante and Justin Cappos. 2013. Understanding password database compromises. Dept. of Computer Science and Engineering Polytechnic Inst. of NYU, Tech. Rep. TR-CSE-2013-02."},{"key":"2023033119042590700_j_icom-2019-0012_ref_033","unstructured":"MMO Games. 2015. Guild Wars 2: Free Mini Mystical Dragon Now Available. (28 July 2015). https:\/\/www.mmogames.com\/gamenews\/guild-wars-2-free-mini-mystical-dragon-now-available\/, last accessed 2019-04-08."},{"key":"2023033119042590700_j_icom-2019-0012_ref_034","doi-asserted-by":"crossref","unstructured":"Reza M Parizi, Ali Dehghantanha, Kim-Kwang Raymond Choo, Mohammad Hammoudeh, and Gregory Epiphaniou. 2019. Security in online games: Current implementations and challenges. In Handbook of Big Data and IoT Security. Springer Nature, Cham, 367\u2013384. DOI: http:\/\/dx.doi.org\/10.1007\/978-3-030-10543-3_16.","DOI":"10.1007\/978-3-030-10543-3_16"},{"key":"2023033119042590700_j_icom-2019-0012_ref_035","doi-asserted-by":"crossref","unstructured":"Steve Sheng, Bryant Magnien, Ponnurangam Kumaraguru, Alessandro Acquisti, Lorrie Faith Cranor, Jason Hong, and Elizabeth Nunge. 2007. Anti-Phishing Phil: The Design and Evaluation of a Game That Teaches People Not to Fall for Phish. In Proceedings of the 3rd Symposium on Usable Privacy and Security (SOUPS \u201907). ACM, New York, NY, USA, 88\u201399. DOI: http:\/\/dx.doi.org\/10.1145\/1280680.1280692.","DOI":"10.1145\/1280680.1280692"},{"key":"2023033119042590700_j_icom-2019-0012_ref_036","doi-asserted-by":"crossref","unstructured":"M. Toorani and A. Beheshti. 2008. Solutions to the GSM Security Weaknesses. In 2008 The Second International Conference on Next Generation Mobile Applications, Services, and Technologies. IEEE, New York, NY, USA, 576\u2013581. DOI: http:\/\/dx.doi.org\/10.1109\/NGMAST.2008.88.","DOI":"10.1109\/NGMAST.2008.88"},{"key":"2023033119042590700_j_icom-2019-0012_ref_037","unstructured":"Trend Micro. 2015. Data Privacy and Online Gaming: Why Gamers Make for Ideal Targets. (29 January 2015). https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/online-privacy\/data-privacy-and-online-gaming-why-gamers-make-for-ideal-targets, last accessed 2019-01-04."},{"key":"2023033119042590700_j_icom-2019-0012_ref_038","unstructured":"Ubisoft. 2018. 2 Step Verification Ranked Lock Update for PC. (27 November 2018). https:\/\/rainbow6.ubisoft.com\/siege\/en-gb\/news\/detail.aspx?c=tcm:154-340676-16&ct=tcm:154-76770-32, last accessed 2019-04-08."},{"key":"2023033119042590700_j_icom-2019-0012_ref_039","unstructured":"Ubisoft Montreal, Ubisoft Kiev, Ubisoft Toronto, and Ubisoft Barcelona. 2015. Tom Clancy\u2019s Rainbow Six Siege. Game [PC, Playstation 4, Xbox One]. (1 December 2015)."},{"key":"2023033119042590700_j_icom-2019-0012_ref_040","unstructured":"Valve. 2017. Steam Trade and Market Holds. (23 October 2017). https:\/\/support.steampowered.com\/kb_article.php?ref=8078-TPHC-6195, last accessed 2019-04-09."},{"key":"2023033119042590700_j_icom-2019-0012_ref_041","unstructured":"Riley Walters. 2014. Cyber attacks on US companies in 2014. The Heritage Foundation 4289 (2014), 1\u20135."},{"key":"2023033119042590700_j_icom-2019-0012_ref_042","doi-asserted-by":"crossref","unstructured":"Jake Weidman and Jens Grossklags. 2017. I like it, but i hate it: Employee perceptions towards an institutional transition to BYOD second-factor authentication. In Proceedings of the 33rd Annual Computer Security Applications Conference. ACM, New York, NY, USA, 212\u2013224. DOI: http:\/\/dx.doi.org\/10.1145\/3134600.3134629.","DOI":"10.1145\/3134600.3134629"},{"key":"2023033119042590700_j_icom-2019-0012_ref_043","doi-asserted-by":"crossref","unstructured":"Catherine S. Weir, Gary Douglas, Mervyn Jack, and Tim Richardson. 2009. Usable security: User preferences for authentication methods in eBanking and the effects of experience. Interacting with Computers 22, 3, 153\u2013164. DOI: http:\/\/dx.doi.org\/10.1016\/j.intcom.2009.10.001.","DOI":"10.1016\/j.intcom.2009.10.001"},{"key":"2023033119042590700_j_icom-2019-0012_ref_044","doi-asserted-by":"crossref","unstructured":"Zikai Alex Wen, Yiming Li, Reid Wade, Jeffrey Huang, and Amy Wang. 2017. What.Hack: Learn Phishing Email Defence the Fun Way. In Proceedings of the 2017 CHI Conference Extended Abstracts on Human Factors in Computing Systems (CHI EA \u201917). ACM, New York, NY, USA, 234\u2013237. DOI: http:\/\/dx.doi.org\/10.1145\/3027063.3048412.","DOI":"10.1145\/3027063.3048412"},{"key":"2023033119042590700_j_icom-2019-0012_ref_045","unstructured":"Zack Zwiezen. 2019. Earn Free Money And Gold In GTA Online and Red Dead Online By Activating Two-Step Verification. (19 March 2019). https:\/\/kotaku.com\/earn-free-money-and-gold-in-gta-online-and-red-dead-onl-1833178166, last accessed 2019-04-08."},{"key":"2023033119042590700_j_icom-2019-0012_ref_046","doi-asserted-by":"crossref","unstructured":"Rui Zhou, Jasmine Hentschel, and Neha Kumar. 2017. Goodbye text, hello emoji: mobile communication on wechat in China. In Proceedings of the 2017 CHI conference on human factors in computing systems. ACM, New York, NY, USA, 748\u2013759. DOI: http:\/\/dx.doi.org\/10.1145\/3025453.3025800.","DOI":"10.1145\/3025453.3025800"}],"container-title":["i-com"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.degruyter.com\/view\/journals\/icom\/18\/3\/article-p217.xml","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.degruyter.com\/document\/doi\/10.1515\/icom-2019-0012\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.degruyter.com\/document\/doi\/10.1515\/icom-2019-0012\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,4,1]],"date-time":"2023-04-01T04:54:25Z","timestamp":1680324865000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.degruyter.com\/document\/doi\/10.1515\/icom-2019-0012\/html"}},"subtitle":["Do Incentives Increase the Adoption Rates of Two-Factor Authentication?"],"short-title":[],"issued":{"date-parts":[[2019,11,18]]},"references-count":46,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2020,1,14]]},"published-print":{"date-parts":[[2019,11,18]]}},"alternative-id":["10.1515\/icom-2019-0012"],"URL":"https:\/\/doi.org\/10.1515\/icom-2019-0012","relation":{},"ISSN":["2196-6826","1618-162X"],"issn-type":[{"type":"electronic","value":"2196-6826"},{"type":"print","value":"1618-162X"}],"subject":[],"published":{"date-parts":[[2019,11,18]]}}}