Security from the mind of a 7 year old
Computer security & passwords so simple a 7 year old can do it!
I tweeted this yesterday:
I have a 7 year old daughter. She’s no tomboy. She does competitive cheer, plays with American Girl dolls, and loves her daddy. She’s already having to write short papers for school. So, for Christmas we got her a Chromebook that she could start using instead of my computers.
The screen doesn’t work
We ended up making a small scavenger hunt for her to find it. She went from the tree, to the beer fridge, to her room, then finally ended up in another room where everything was already set up for her. She saw the setup and was so excited. First thing she did was flip open the laptop and start trying to touch and tap the screen, which doesn’t do anything. Coming from an iPad, her first statement is “Daddy, the screen doesn’t work.” Introducing the trackpad to her to move the mouse was a fun lesson.
It’s your name…
Being a Chromebook, the first thing you have to do is link a Google account to it, which would be the ‘laptop owner’, so I use mine. Then on to creating a Google account with a simple password for her. After she’s all setup, she asks me what her password is. I tell her “It’s your name and your birth month”. This was unacceptable to her. She asks me how she can change her password.
Here’s how the conversation went:
Me: “Why do you want to change it?”
Her: “Because you know it.”
Me: “What’s wrong with that?”
Her: “It’s too easy.”
Me: “Well, you want to make a password something you can remember.”
Her: “Ok, I have one.”
Me: “Ok, what is it, I’ll type it in for you.”
Her: “No, I’ll do it.”
At this point I move and let her sit down to type her new password in… twice. I was shocked with what she typed.
What does that password mean?
Well, maybe it wasn’t the most complex password I’ve seen, but for a 7 year old?! I watch her type in a 9 character, all numeric password… twice! I’m going through what she typed in my head:
Not related to her birth year, month, or day…
Not our address…
Not any of our phone numbers…
So, I ask her “What does that password mean?”. She simply says “It’s something I can remember.” She doesn’t write it down… nothing!
Passwords are important
Of course, my daughter knows what I do for a living, but when people ask her what daddy does, she usually says “He drinks beer at work.” This was a conversation point at her school once. In fact, one teacher got a little too close to me the day they talked about what mommy and daddy do for work. Who cares!? It’s good to know that she’s listened to my security rhetoric at some point.
Hacking is a game
I did the math and figured it would take Neo between 40–100 days to brute force her password. That’s a win for her in my book! You see, hacking is a game of numbers. Unless you’ve seriously pissed someone off or have some serious value to a hacker, they’re not going to focus on you for too long.
Hacking is a game of time management.
If it’s going to take 80 days for someone to hack you or 5 minutes for them to hack someone else, what do you think they’re going to choose? In most cases, this is the exact mindset of a hacker. Hack 100 people in the time it takes to hack one.
It all starts with your passwords. Protect them with your life. Passwords should
My surefire password tips
- Don’t use anything that is common sense, like your name, address, etc.
- Make it at least 8 characters.
- Don’t just use a word in the dictionary.
- Use a mixture of letters, numbers, and special characters.
- DO NOT write it down!
- DO NOT reuse passwords (what if one social media account gets hacked… do they all fall down?).
- User multi-factor authentication when it’s available (I use the Google Authenticator for services that work with it).
If it’s hard to remember all those passwords try using a password management application, such as EnPass. It syncs across all your devices, so you’ll never be left without knowing your password.
