“…A serious game is defined as a game designed for a primary purpose other than pure entertainment (Djaouti et al, 2011). The previous work in security education has found that serious games could motivate users to change their behaviour towards general concepts in computer security (Denning et al, 2013;Dasgupta et al, 2013), phishing attacks (Arachchilage et al, 2016;Misra et al, 2017) and to help users remember passwords (Tao and Adams, 2008;Malempati and Mogalla, 2011;McLennan et al, 2017). Therefore, a serious game that nudges users to improve memorability towards security questions, through educational interventions, could be an effective way to enhance users' behaviour to strengthen their answers to security questions.…”