Wall Street Journal Piece
This blog post was co-written by Suzanne Prior (Abertay University).
Children are increasingly being exposed to and using technology from a very young age for both education and recreation. This has never been more true than in 2020 when the vast majority of Scottish children are relying on online resources to access educational resources and communicate with family and friends.
Many of the resources and websites used along with the devices they are accessed on require the use of a password to authenticate. However, young children do not necessarily have the skills and knowledge which is required to use and maintain these passwords appropriately.
This paper aims to address the following issues:
- Determine what best practice currently is in regards to password management using international guidance.
- Examine how this best practice currently maps to the educational resources available to parents and teachers wishing to educate children about passwords
- Develop an overview of the appropriate ages at which it can be assumed a child will be able to understand and apply each piece of guidance.
Current Best Practice
Key messages from review of official guidance from the UK and other governments:
- Passwords protect valuable assets and confirm the identity being claimed
- There can be dangers in using passwords such as shoulder surfing; phishing; keylogging; social engineering; password guessing; writing down passwords; forgetting passwords; network sniffing; and reusing a password which has already being cracked. The consequences of this are that a person can be impersonated.
- When creating a password people should: match the value to strength; use a passphrase rather than focussing on a complex password; ensure the password is both memorable and unpredictable; not reuse passwords; and choose passwords which will be easy to type quickly.
- Once a password is created it should not: be written down; changed regularly; or shared. If the user suspects they have been hacked then the password should be changed.
- When entering a password a user should: ensure they are not being observed; check the URL of the website before entering a password and that HTTPS is being used; and check the device being used for a physical keylogger.
- There are tools which can and should be used whenever possible, firstly password managers and secondly two factor authentication.Current Resources available for Educators
Development of Guidance
Having determined that current educational resources do not provide up to date guidance for parents and teachers a set of ontologies were created showing the guidance that might be expected to be understood by children across three different age groups. This was validated through work with educational psychologists and parents.
Check out the paper we published: in the International Journal of Child Computer Interaction Suzanne Prior and Karen Renaud. Age-Appropriate Password “Best Practice” Ontologies for Early Educators and Parents. To Appear in the International Journal of Child-Computer Interaction.
Story telling for early-years cyber security
by Wendy Goucher