The 9 best password security games for employees

Your passwords are some of your most valuable assets. They provide access to anything from your bank details to your work-related accounts. And that’s all that cybercriminals dream are looking for.

To keep your organization’s data safe, you need your employees to take good care of their passwords. This means setting a password with the right complexity, changing their passwords regularly, and other measures to keep their passwords secret.

That’s why many organizations offer password security training. However, not all training solutions can keep users engaged. That’s why password security games are on the rise.

In this article, we’ll share the best password security awareness games on the market.

1. Guardey

Guardey is a password security game that uses storytelling and friendly competition as a way to keep users engaged.

At the beginning of the game, users get to start their own fictional organization. During regular challenges, they learn to protect that organization against cyber risks such as weak passwords, phishing, malware, and more.

In a shared leaderboard, colleagues battle for the number one spot. They can get to that spot by earning money for their organization, which can be done by performing well during challenges.

If you want, you can customize Guardey’s content to your wishes. If your password policy requires your employees to change their password every month instead of every six months, you can easily adjust that.

Pros

• Regular training
• Gamification
• Reporting abilities
• Customizable

Cons

• It’s not free, but is affordable and offers a 14-day free trial

Start a 14-day free Guardey trial

2. Counterintelligence Trivia Twirl

When it comes to games, a trivia twirl is a trusted classic. This specific game can land you on a couple of different cybersecurity-related topics.

It’s a fun game to get your employees to learn a thing or two, but the entire game can be played in no more than twenty minutes. This means it can’t be used as a long-term solution to keep employees aware of your password policy.

Pros

• It’s free
• Spinning the wheel is always fun
• The questions are challenging

Cons

• Limited gamification elements
• No option for long-term password security training

3. Hoxhunt

Hoxhunt refers to itself as a Human Risk Management Platform. Its training solution uses gamification elements to keep users engaged and teach them about a wide variety of topics, one of them being password security.

They focus on going beyond ‘just’ training and motivating them to report threats once they discover them. You can also offer ‘just-in-time’ training surrounding threats that have been discovered recently.

If you’re curious, you will need to contact Hoxhunt’s sales department to see the product. There is no free version or a free trial available.

Pros

• Gamification
• Reporting abilities
• Micro-learning
• Just-in-time training

Cons

• No transparent pricing
• Focus on enterprise organizations

4. The Weakest Link

The Weakest Link is a fun and short game that takes about an hour to play in its entirety. It’s a great way to freshen up your employees’ memory of the importance of good password management.

What we like most about this game is the direct feedback you get after every question. This enables users to learn from a mistake right after they’ve made it. The feedback is of good quality.

It’s a nice password security game to send over to your colleagues for one-time usage. But it’s not suitable for long-term training.

Pros:

• It’s free of charge
• High-quality feedback and context

Cons:

• Limited gamification elements
• Not a long-term solution

5. Targeted Attack

Targeted Attack: The Game is a password security game that also covers general cybersecurity. Players are put in the hot seat as the CIO of Fugle, an international organization. Fugle must fend off attacks as they gear up to release a new mobile payment app, with the player making choices that will decide the company’s fate. Will Fugle’s biometrically authenticated app launch successfully, or will the unwitting CIO make a fatal mistake?

Targeted Attack: The Game is the brainchild of Trend Micro, one of the biggest and most established names in cybersecurity. It’s a fun and engaging tool for getting to grips with the essentials of good security practices, including password security, and has been well-received by customers and players.

The game begins with an introductory video that gives players the information they need, then the players must devise a strategy to resist threats and protect sensitive information. Players must select the right options and make smart choices, deploying a limited supply of budget coins effectively to succeed.

Pros:

• A fun and engaging password security game, with realistic threats and consequences for poor choices.
• Memorable, encouraging retention

Cons:

• Not free to play

6. Cybersecurity Escape Room

The Cybersecurity Escape Room is an online game where users take on the role of a cybercriminal attempting to exploit security issues, such as weak passwords. Unlike similar products featuring an in-person escape room environment, the Cybersecurity Escape Room from Thrice Security is a virtual password security game that’s carried out online. It’s suitable for solo players or groups, with a fee of €12.50 ($13.55) per participant.

Players receive a video tutorial to teach them how the gameplay works and introduce their objectives. Players must interact with a virtual office environment, finding and exploiting various security flaws such as insecure passwords to steal a sensitive document from the target.

This kind of gameplay — putting players in the attacker’s shoes — can really help spotlight password security and other security issues. The team aspect also helps build cooperation between participants and encourages players to view security as a group effort. The office environment is realistic and will help players consider how their own workplaces can be made more secure (such as not writing down passwords where they can be read).

Pros:

• Entertaining and involving
• Realistic simulated office environment
• Promotes teamwork

Cons:

• Could become expensive with multiple larger groups

7. Backdoors & Breaches

Backdoors & Breaches is a password security game that can be played online, either on the dedicated platform or via Discord. It’s a little different from other password security games. Created by Black Hills Information Security, Backdoors & Breaches takes a novel approach to training, with cards representing different threats and responses.

Players must deploy their cards strategically to fight off threats and win the game. It’s intended to introduce concepts in a way that’s entertaining and memorable, teaching players about tools, methods, and the types of attacks that they might be facing.

There are multiple different decks of cards. The core deck of 52 cards introduces more general concepts, while the expansion decks focus on more specialized areas like cloud security, or introduce more advanced security concepts. Backdoors & Breaches offers some Spanish-language options, although only the core deck is available in Spanish at present.

The ideal group size is five to seven players, although the game can be played with just two participants. One player takes the role of the gamesmaster (the Incident Captain) and uses four attack cards to create a scenario. Players must use their cards, a 20-sided die, and their imaginations to respond to the attack and win the game.

Pros:

• Novel and unusual gameplay sets it apart from other password security games
• Introduces multiple concepts alongside password security training

Cons:

• Decks and expansions could become expensive
• Might be a little abstract for some learners

8. Riskio

Based on the Microsoft STRIDE threat taxonomy, Riskio is another entry into the field of card-based password security games. It’s aimed at introducing concepts like password security and more advanced security concepts. The game uses a red deck of threat cards, which players must counter using their green defense cards. There’s also an orange deck of information cards that players can use to help formulate strategies.

Players must take turns to play the role of attacker, with the rest of the team countering their attacks. Each defender then selects a card they can use to counter the threat and explains to the gamesmaster how their defense would work. The game master then awards points from one to three, depending on how effective the defense is judged to be.

Pros:

• Memorably introduces attack and defense concepts
• Encourages critical thinking and planning

Cons:

• Requires some existing knowledge of security topics

9. Missing Link

Missing Link is a free mystery game from Texas A&M University. An A&M professor and social network creator has gone missing and the player must help detective Bobby Joe Bordeaux to solve the case. Each stage of the game introduces a security concept and tests the player’s knowledge, for example by spotting signs of a phishing email, completing a password security test, or finding the professor’s login information.

Unlike many other password security games, Missing Link does not require any technical setup or expensive subscriptions. It is a simple point-and-click adventure that is played in the browser, requiring no special technical knowledge and introducing security concepts in a fun, stress-free way. Players are scored on each stage and receive helpful feedback.

Pros:

• Fun and accessible, perfect for beginners.
• Free to play.
• Quizzes, such as the password security quiz, allow players to test their knowledge.

Cons:

• Might not be as useful for high-level learners.
• Not suited for long-term awareness programs

Conclusion

“Everybody knows they need a strong password by now.” We hear this a lot. Yet still, cybercriminals often are able to hack organizations by figuring out weak or outdated passwords. We often overestimate both our employees and ourselves when it comes to both knowledge and awareness on cyber security topics.

With Guardey, users get a regular challenge that takes no more than a quick three minutes to complete. This enables them to stay aware of cyber threats, such as password security.

Start a 14-day free Guardey trial