Using strong passwords is a challenge for many adults, let alone children, but with so many cyber bullying incidents involving misuse of a child’s social network account or school account to publish inappropriate material under their name, it is increasingly important to teach our kids how to handle their data securely. Breaches usually occur because a user has chosen a simple, easy-to-guess password or even disclosed their password to friends.
Creating Memorable Strong Passwords
So, how can we encourage kids to use complex passwords that are still easy to remember and hard to guess? Many users choose easy-to-remember passwords, but this can make them easy to guess too. This problem is made worse when users recycle the same password on many accounts, so if, for example, a mail account is hacked, many associated accounts are also exposed.
Sometimes this is because users are told not to write passwords down; however, if a password is written down but then kept securely, this is less of an issue than using a simple password across multiple accounts. Obviously a post-it on the screen is a bad move though!
When creating a password, choose a combination that can’t be found in a dictionary or common password list – if someone (or a program) tries to crack your password they must work through these options before resorting to a ‘brute force’ attack of trying every combination of characters until yours is found. In a brute force attack the length of the password is therefore important.
Recommendations for creating strong passwords include:
Don’t:
- base a password on personal data, eg dog’s name, car registration, username
- choose a word found in a dictionary – password dictionaries make these particularly easy to crack in a ‘dictionary attack’
- use simple transformation or substitution eg drowssap or Pa$$w0rd
- use fewer than 8 characters and solely alpha- or numeric characters
Do:
- use four character types – lower case letters, upper case letters, numbers and other eg punctuation
- use long passwords – the longer the password, the harder it is to brute force. However, some older systems don’t allow this and have limits of 8 or 14 characters.
- use variations on different accounts
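The checks in the list above, together with the brute-force search-space size that makes length matter, as an added Python example that is not part of the original article. The word list, the substitution table and all function names are constructed for illustration; a real check would load a full password dictionary.

```python
import math
import string

# Constructed sample list; a real check would load a full password dictionary.
COMMON_WORDS = {"password", "letmein", "monkey", "dragon", "qwerty"}
# Substitutions undone before the lookup (assumed set, not exhaustive).
LEET = str.maketrans({"$": "s", "0": "o", "@": "a", "1": "l", "3": "e"})
# The four character types, with the alphabet size each adds to a brute force.
POOLS = ((str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
         (lambda c: not c.isalnum(), len(string.punctuation)))


def char_types(pw):
    """Count how many of the four character types appear in pw."""
    return sum(any(test(c) for c in pw) for test, _ in POOLS)


def dictionary_hit(pw, personal=()):
    """Return the listed word pw reduces to once case, reversal and
    substitution are undone, or None if it matches nothing."""
    words = COMMON_WORDS | {p.lower() for p in personal}
    plain = pw.lower()
    unleet = plain.translate(LEET)
    for candidate in (plain, plain[::-1], unleet, unleet[::-1]):
        if candidate in words:
            return candidate
    return None


def brute_force_bits(pw):
    """Brute-force search space in bits: length * log2(alphabet size)."""
    alphabet = sum(size for test, size in POOLS if any(test(c) for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def check(pw, personal=()):
    """Return the rules pw breaks; an empty list means it passed them all."""
    problems = []
    hit = dictionary_hit(pw, personal)
    if hit:
        problems.append(f"dictionary or personal word: {hit}")
    if len(pw) < 8:
        problems.append("fewer than 8 characters")
    if char_types(pw) < 4:
        problems.append("fewer than four character types")
    return problems


if __name__ == "__main__":
    for pw in ("drowssap", "Pa$$w0rd", "..BB..@@..rr..TT..12"):
        print(pw, check(pw), round(brute_force_bits(pw), 1))
```

Pa$$w0rd passes the length and character-type rules yet still fails, because undoing the substitution gives a dictionary word.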
There are several methods for choosing memorable passwords and here are three to try:
Haystack (needle in a…)
Pad an easily remembered password with easily remembered characters, eg smilies, to make a lengthy but memorable phrase:
An example, using Bart 12, could be ..BB..@@..rr..TT..12
or Lisa could appear as : )LL__11__ss__AA:)
Try your choices on this GRC Haystack calculator.
Pick a memorable sentence then turn it into an acronym, keeping the punctuation too:
I love Ben & Jerry’s Chocolate fudge brownie! becomes
I’m going to get straight As in my Exams : ) becomes
Get your kids to think of sentences with you – often humour can make them more memorable.
Joined Unrelated Words
This can help create memorable passwords, although possibly less complex than those above. Put two improbable words together, add punctuation and numbers – remember to ensure you have four character types eg
Common Password Problems
A huge problem with passwords is the frequency of their use. If you choose a commonly used one, your account is much easier to break into. Ten of the most frequently used online passwords are:
The recent data loss at Sony raised some interesting points on password use. Troy Hunt’s excellent analysis highlights the simplicity of passwords used by the majority of those users whose details were hacked:
Password Length: 50% had fewer than 8 characters, with 93% between 6 and 10 characters.
Character variety: 50% of passwords used only one character type. Only 1% had a non-alphanumeric character.
Randomness: When compared to a password dictionary approximately two thirds were found.
Uniqueness: This data theft included passwords from multiple locations, yet when compared 92% were duplicated across systems.
So, it makes sense to teach our kids to use complex, strong passwords, and it doesn’t need to be difficult. Talk it through with your children and with a little help they can protect their data and their online reputation, and can avoid a lot of difficulty and embarrassment.