Wednesday, February 05, 2014

from the StopCyberbullying Toolkit - Digital Hygiene - Passwords

The Weakest Link—Passwords

According to polls conducted by WiredSafety’s Teenangels, passwords are shared with at least one other person by 70% of teens. It is seen as a way of proving how much you trust a friend or romantic interest. And, when coupled with Parry’s polls of 20,000 elementary school students that showed 84% of them sharing their password with at least their best friend, we know we have a problem Houston! When friends are armed with your password and your secrets, it’s a bad and dangerous combination, especially when they have falling-outs every hour on the hour.
Even when they are careful not to share them, most passwords can be easily guessed, especially by someone who knows you and your community well. There are 20 questions that are the root of most passwords. The exact 20 may change based on your community and the age of the students, but they typically include the following:
o   Middle name
o   Favorite:
§  Sports team
§  Performing artist
§  TV show
§  Song
§  Movie
§  Food
§  Car
§  Quote
§  Book
o   The year you are expected to graduate
o   The college you want to attend
o   Your mom’s maiden name
o   Your pet’s name

They often also include “password,” “[the name of the site],” “[their name],” or “123456” to round out the pack. So, even if they haven’t been given the password as a token of friendship (like a friendship ring), they can easily guess it. (Think about your own password creation methods. Most of us adults fall into the same risk categories as our students!)

To top it off, in many cases students who want to abuse their friend’s passwords don’t even have to guess or remember it. Since friends using each others’ computers or devices often store their password for faster revisits, they merely need to call up the log-in page and there it is!

Saved passwords are a particular problem in schools and community access centers (libraries, for example). People of all ages tend to forget and instead save their passwords on the computer to make it easy for them when they return, but it also makes it easier for the next person to abuse them.

In younger years, the kids use each others’ passwords to log into their friends Webkinz and Club Penguin accounts and steal points, possessions, and loot. (This is called “gold” in gaming jargon.) One industrious third grader used her friend’s password to steal it back! (It’s called self-help. J) And while we lecture them on not sharing their passwords, they often give them out to have their best friends keep their virtual pets alive and well or to help them earn more points when their friends are better at the game.

We tell everyone to use a secure password, with capital and lowercase letters, numbers, and symbols. That sounds easy, but is usually very hard to remember. So then we write it down on a sticky sheet glued to our monitor or on a sheet of paper on our desk or save it under “passwords” on our desktop or in our documents folder. Not very secure!

So, if you have to use one of those kinds of passwords, use a sentence that includes memorable numbers instead. It starts with a capital letter, ends with punctuation (symbol), and has a number and lowercase letters too. It fits “Parry’s Easy to Remember—Hard to Guess Rule.”