The Best 'Going to College' Present for Your Child? A Password Manager

January 21, 2016

Chances are that your digitally savvy child already has dozens of passwords to access any number of apps, websites, and even school dashboards and testing portals. Your child is probably using really insecure passwords and it’s important that they don’t take that habit with them to college.

What makes a good password? First, It should not be just be text. In the recent Sony hack, 99 percent of the users only used alphanumeric characters. “Dictionary” attacks can compromise these passwords in seconds. Second, the longer the password is, the better. Eight character passwords are far less secure than those with twelve or more characters. Third, it should not be guessable. By that I mean don’t use “ebay” as your eBay password. Even unrelated random English words are easily cracked by hackers.

Nearly all of today’s mobile apps and web sites require passwords to verify user identity. Unfortunately, we humans are not very good at coming up with (or remembering) secure passwords, and worse, we tend to use the same passwords for different services, a huge mistake that allows an attacker to easily take over any services you use, multiplying the potential damage.

Manual password management leads to shortcuts, and bad passwords

As we all know, when you want to get something done on a web site and you have to log in, it’s annoying. It’s even more annoying when you can’t remember the clever and secure password you used last time and are forced to go to “Forgot my password” email recovery.

So what have we learned? We’re not very good at creating secure passwords, and we’re also not very good at remembering multiple passwords for many sites. How can a parent help their children protect themselves with secure passwords?

Password managers make it easy to use secure, unique passwords

The answer is called a “password manager”. These programs solve the above problems by monitoring your web browser and stepping in to help when you are asked to create a new password (they create really secure, random passwords) and every time you log in (they automatically enter your login and password, streamlining login). Think of the password manager as a big key ring that gives you access to all of your sites, freeing you from actually having to remember the specific passwords for any of them.

Another benefit is the ability to quickly change passwords on a site or sites when it becomes known that the site has been breached. Dashlane offers the ability to press a button and change your passwords on any number of sites you visit, which is what a security expert will recommend you do if you get any indications that someone has stolen your identity.

Create and remember just one, really great password and let the manager handle each site or app

Password managers only require you to remember one master password that you enter each time you need to log into a web site. It’s vital that you make the master password secure by making it long, using capital and lower case letters, as well as numbers and punctuation. I suggest a short phrase that is easy to remember and can be ‘passwordified’ by substituting numbers and adding punctuation.

Let’s suppose your son is a Star Wars fan, and therefore can easily remember “The Force Is Strong”. First let’s remove the spaces and put punctuation marks at the beginning and end, giving us “$TheForceIsStrong!”. Then let’s convert a few letters to numbers. The letter o becomes number zero, and letter i becomes number 1. Viola, we now have a very secure master password that is easily remembered .. “$TheF0rce1sStr0ng!”

At this point you are probably thinking the password manager would be a big target for hackers, since it is a honeypot of all of your logins and passwords for dozens or hundreds of sites. That is true, and the publishers of password managers have taken many steps to encrypt and secure your data. But the practical fact is that most people use terrible passwords and the bad guys are unlikely to expend the sort of effort needed to crack a hardened database when there are easier pickings everywhere else.

How much is your child’s security worth?

I strongly recommend preparing your children for online life in college and adulthood by providing them with a solid understanding of password security and tools that make it easy to practice good security. The costs of a potential identity theft, or even a practical joke from a friend who guesses a password are incalculable, and these services are quite reasonably priced.

I personally use Dashlane, but LastPass, KeePass, and 1Password are all considered top notch. Many of these services have an annual fee, which I feel is well worth it because the field of security requires constant updates to fend off new threats, and I don’t trust free services to keep up, nor do I want to look at ads inside my security system.

Be honest. How good are your passwords?

If you are like most parents, you also have a lot of duplicated, insecure passwords. While you are at it, you may want to get password manager accounts for each member of the family. Checking my account, I have over 400 sites and passwords, which would be impossible to remember individually. In today’s online world, I think the benefits of password managers are compelling for both parents and children.

My final thought is a reminder that passwords should be changed regularly, even though human nature drives us to keep that password we can easily remember. By using a manager with just a single master password, it’s much less painful to change your master password once a year.

Photo courtesy of Flickr.

Written by

Roy Smith

Roy Smith is founder and CEO of AgeCheq, a company that innovates within the intersection of privacy and mobile devices, providing the mobile app industry with solutions for transparency and compliance.