How to Keep a Gamification System Secure - dummies

How to Keep a Gamification System Secure

By Kris Duggan, Kate Shoup

Not to get all Chicken Little on you, but you must take measures to secure the data you gather with your gamification program. These measures fall into two groups: network-related security features (who can log in, from where, and with what password) and platform-related security features (who can call which API, and over what kind of connection).

Network-related security features in gamified sites

Assigning each account a distinct user role and enabling a handful of network security options will help you keep your data secure while managing your gamification program. The principle behind the roles is simple: give each account only the access its job actually requires.

On the topic of user roles in your admin system, the following roles are recommended:

  • Admin: Those with admin privileges have the power to administer the network, which includes creating, editing, or deleting other accounts as well as modifying security settings. When employees leave the company, you can easily revoke their access to your gamification program.

  • User: If an employee will be working on your gamification platform but does not need the ability to administer the network, the user role is appropriate.

  • Read only: You might assign the read-only role to someone who just needs to view reports, or to outside vendors or contractors.

With regard to network security options, it’s suggested you take the following steps to limit hooliganism on your system:

  • Limit failed login attempts: Decide how many consecutive failed login attempts are allowed and, when that number is exceeded, lock the offending account until an admin unlocks it. Be aware that a hard lockout cuts both ways: anyone who knows a username can lock its owner out just by guessing wrong a few times, so many systems prefer a temporary lockout (say, 15 minutes) that escalates with repeated failures and reserve the admin-only unlock for persistent abuse.

  • Log out the account after a certain amount of time: If, after x minutes, no activity occurs on the account, shut that puppy down.

  • Enable IP whitelisting: Whitelisting (also called allowlisting) means granting access only to the sources you name. Enabling IP whitelisting restricts access to your admin network to only those IP addresses (or ranges of addresses) you choose, such as your office and VPN egress addresses. It works well for the admin console; it is not practical for the public-facing site, where your players connect from anywhere.

  • Require strong passwords: If you’re one of those people who just uses their dog’s name as a password, a pox be upon you. At a minimum, passwords should be eight characters long and contain at least one alphabetic and one numeric character. For even stronger passwords, go for a minimum of 12 characters, with at least one alphabetic, one numeric, and one special character. Length matters more than any single character class, so if you can check candidate passwords against a list of known breached passwords, do that too.

Special characters include the ones used in comic strips to denote foul language. Think !@#$%^&*()-_+=~`|{}[]:";'<>?,./

On the subject of passwords, many organizations require users to change their passwords on a semi-regular basis, and you should not permit users to reuse old passwords after they’ve been changed. Note that current guidance (NIST SP 800-63B) advises against forced periodic rotation, because it pushes people toward predictable variations of the same password; it recommends forcing a change only when you have reason to believe a password has been compromised. Whichever policy you choose, keep a history of previous password hashes so that a “new” password cannot simply be the old one.
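The controls above (roles, failed-login lockout with admin unlock, idle timeout, IP whitelisting, password strength and password history) fit together in a single login guard. The following is an added example, not code from the book or from any gamification platform; the limits (5 attempts, 15-minute idle timeout, 5-password history), the allowed networks and the account names are all constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import os

# Policy values are assumptions for this example, not figures from the page.
MAX_FAILED_LOGINS = 5
IDLE_TIMEOUT_SECONDS = 15 * 60
PASSWORD_HISTORY = 5
# Constructed allowlist: an office range and a single VPN egress address.
ALLOWED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24"),
                    ipaddress.ip_network("198.51.100.7/32")]
SPECIALS = set("!@#$%^&*()-_+=~`|{}[]:\";'<>?,./")


def password_is_strong(pw):
    """The stronger policy from the text: 12+ chars, one letter, one digit, one special."""
    return (len(pw) >= 12
            and any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in SPECIALS for c in pw))


def hash_password(pw, salt):
    # Slow salted hash; never store or compare plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)


class Account:
    def __init__(self, username, password, role="user"):
        if not password_is_strong(password):
            raise ValueError("password does not meet policy")
        self.username = username
        self.role = role            # "admin", "user" or "read_only"
        self.salt = os.urandom(16)  # one salt per account, reused for history checks
        self.history = [hash_password(password, self.salt)]  # newest hash last
        self.failed = 0
        self.locked = False
        self.last_activity = None   # None means no active session

    def change_password(self, new_pw):
        if not password_is_strong(new_pw):
            raise ValueError("password does not meet policy")
        digest = hash_password(new_pw, self.salt)
        if any(hmac.compare_digest(digest, old) for old in self.history[-PASSWORD_HISTORY:]):
            raise ValueError("password was used recently")
        self.history.append(digest)


def ip_allowed(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_NETWORKS)


def login(acct, password, source_ip, now):
    """Return True on success. The IP check runs first so that a host outside the
    allowlist cannot even contribute failed attempts toward locking the account."""
    if not ip_allowed(source_ip) or acct.locked:
        return False
    if hmac.compare_digest(hash_password(password, acct.salt), acct.history[-1]):
        acct.failed = 0
        acct.last_activity = now
        return True
    acct.failed += 1
    if acct.failed >= MAX_FAILED_LOGINS:
        acct.locked = True       # stays locked until admin_unlock()
    return False


def touch(acct, now):
    """Call on every request. Ends the session and returns False after the idle timeout."""
    if acct.last_activity is None:
        return False
    if now - acct.last_activity > IDLE_TIMEOUT_SECONDS:
        acct.last_activity = None
        return False
    acct.last_activity = now
    return True


def admin_unlock(admin, acct):
    """Only the admin role may clear a lockout (the role check is the whole point)."""
    if admin.role != "admin":
        raise PermissionError("only admins may unlock accounts")
    acct.locked = False
    acct.failed = 0
```

Time is passed in as a number rather than read from the clock so the timeout logic can be tested deterministically; in production you would pass `time.time()`. The same per-account salt is reused for every entry in the history so that a candidate password can be compared against old hashes; a production system that stores one salt per history entry must recompute the candidate hash with each old salt.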

Generally speaking, authentication isn’t something that happens on the gamification side. Rather, authentication occurs on the web platform side. That is, users log in to your site using that site’s authentication procedure; once they do, the gamification elements are automatically made available to them. In practice this means your site’s login is the trust boundary for the whole gamified experience: a weak login on the site is a weak login for the points, badges and rewards too.

Platform-related security features in gamified sites

In addition to the network-related security features, a few platform features prevent misuse of the system itself. These include the following:

  • Private and public API keys: For calls that involve crediting users or creating and managing rewards, use a private key for server-to-server communication that is never visible to end users. Using this private key in conjunction with SSL (mentioned momentarily) provides significant security without affecting performance. Use the public key with the JS API to quickly enable a powerful visualization layer. Because the public key ships to every visitor’s browser, treat it as public knowledge: it must only be able to read, and the private key must never appear in client-side JavaScript, mobile apps or public source repositories.

  • Read and write APIs: Using read and write APIs is a fancy way of saying you can get, post, put, and delete data. Thus, you have endpoints that let you list or read data, and other endpoints that let you create, update, and delete. Usually “read-only API” really means a read-only API key: the platform enforces the restriction by refusing to let a key with read scope call any of the write endpoints.

  • SSL: Short for Secure Sockets Layer, SSL is a cryptographic protocol that encrypts traffic between two parties on the Internet so that API keys, session cookies and user data cannot be read or altered in transit. The SSL protocol versions themselves are obsolete and have been replaced by TLS (Transport Layer Security), but the name “SSL” has stuck; when a vendor says SSL, make sure what is actually enabled is a current TLS version.
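The three platform features above combine into one authorization rule: look up the scope of the presented key, check it against the endpoint, and refuse to honour the private key on an unencrypted connection. The following is an added example written for this article, not any gamification vendor’s API; the key strings, the `pk_`/`sk_` naming convention, the route table and the status codes are all assumptions chosen for illustration.

```python
import hmac
import secrets

# Constructed keys; a real platform issues these from its admin console.
PUBLIC_KEY = "pk_c3f1e2d4a5b6f7a8"    # embedded in the JS widget, visible to every visitor
PRIVATE_KEY = "sk_9a8b7c6d5e4f3a2b"   # server-side only, never sent to a browser

# Scope granted to each key.
KEY_SCOPES = {PUBLIC_KEY: "read", PRIVATE_KEY: "write"}

# Assumed route table: (HTTP method, path) -> scope required to call it.
ROUTES = {
    ("GET", "/users/{id}/points"): "read",
    ("GET", "/leaderboard"): "read",
    ("POST", "/users/{id}/credit"): "write",   # credits points to a user
    ("PUT", "/rewards/{id}"): "write",         # creates or updates a reward
    ("DELETE", "/rewards/{id}"): "write",
}


def scope_for_key(presented):
    """Constant-time lookup so timing does not leak which prefix of a key matched."""
    for key, scope in KEY_SCOPES.items():
        if hmac.compare_digest(key, presented):
            return scope
    return None


def authorize(method, path, api_key, over_tls):
    """Return an HTTP status code for the request:
    200 allowed, 404 unknown route, 401 unknown key,
    403 key lacks the scope or the private key was sent without TLS."""
    required = ROUTES.get((method, path))
    if required is None:
        return 404
    scope = scope_for_key(api_key)
    if scope is None:
        return 401
    if scope == "write" and not over_tls:
        return 403   # a private key on a plaintext connection is already compromised
    if required == "write" and scope != "write":
        return 403   # public (read-only) key cannot credit users or manage rewards
    return 200


def issue_key_pair():
    """Mint a fresh public/private pair. The prefixes make a leaked private key easy
    to spot in code review or in a public repository."""
    return "pk_" + secrets.token_hex(16), "sk_" + secrets.token_hex(16)
```

The `over_tls` flag stands in for whatever your framework exposes about the incoming connection (for example a request-scheme check or a header set by a TLS-terminating proxy); the rule it enforces is the one the text describes, that the private key only ever travels over an encrypted channel.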

For best results, you can use a combination of these features to ensure your experience is secure.