SecureState Blog

Read SecureState's award winning blog.

It’s Never Too Early to Teach Your Kids about Security

Like many parents, we’ve sent our kids back to school and we discuss among ourselves how quickly kids grow up. What some parents don’t realize is that their kids, especially those in middle school and high school, will be receiving passwords or having to create their own passwords for various sites or services they will need throughout the school year. Having a fifth grader myself, I knew that this day would come and that I’d have to address the technology issue.

Technology including mobile devices and web applications are now tightly integrated into our schools, whether you like it or not. In fact, middle schools (as early as fifth grade) are encouraging the use of iPhones, iPads, iPods, Android devices and more by students in the classroom. That’s great for a lot of educational reasons. However, if kids are not taught basic device security (theft of these alone is a big problem) or learn basic password management skills for the applications they use, we’re setting our kids up for long term failure from a security perspective. The security skills kids learn today are extremely important as passwords (in some form) will most likely be used by them throughout their lifetime.

Passwords are not going away anytime soon

Many in the security community will argue that passwords are dead, and we are starting to see this come to fruition from a password cracking perspective. In fact, there have been some great strides done in just the last month or so with some of the latest password cracking tools that make passwords and passphrases (or the storage of passwords and passphrases) less secure than ever before. However, until we see a real replacement for passwords (which may not happen anytime soon) we have no choice but to do the best we can and educate ourselves and our kids on what constitutes a good password.

What are our schools teaching our kids?

Lucky for my kids, I’ve been teaching them from an early age (since they started playing online games like Webkins) about choosing passwords that are not guessable and telling them the importance of not sharing passwords with their friends. They know better, but what about our schools?

Here is a great example that many parents might face. I get a text from my daughter in her first week at school that she was assigned a password for one of the systems they use. The password issued was “password” with a number after it. She found out later that only the school can change this password, not the student. As you can see in the screen shot, my daughter’s response was one of disappointment in the school for having a password that she could not change.

Now I’m not blaming anyone for this situation, it is what it is. I assume the school and her teacher are probably just following what was given to them. 

This issue did make me think though…who’s teaching our teachers about good passwords? Why didn’t the teacher or the school administration say “Wow, these are really bad passwords we’re giving our students”? Could it be because they don’t know what good passwords are either? The lesson here is that we can’t always rely on our teachers to teach things like this to our kids (nothing against teachers, they are busy teaching lots of other important things). It’s up to parents to teach our kid’s things like this and it’s never too early to start.

Password Management 101 for Kids

Kids need simple ways to select and remember passwords. Having kids try to remember multiple passwords that are all unique and different in their heads is a

losing battle. Heck, even for adults this is extremely difficult. Here are the top three tips that I recommend parents (and teachers) share with their kids.

#1 Teach Kids to Never Share Passwords with their Friends

This is the first ground rule and the first conversation you should have with your kids, no matter what password solution you choose. I’ve seen it myself already by overhearing kids saying things like “Hey Timmy, check out the cool stuff I made in this game, here’s my password.” Kids need to know that it’s not ok to share passwords with their friends. It always ends up bad. The one caveat is that kids do need to share their passwords with you, the parent! In fact, you should encourage them to share their passwords with you. Having their passwords helps you keep an eye out on what they are accessing and sites they are using. This really applies to younger kids but teenagers need oversight as well. Also, having access to their passwords can help start a conversation like “How secure are your passwords?” This is where you can help curb bad password habits that might be forming.

#2 Use Passphrases vs. Passwords

This is the easiest option and it’s where I recommend kids and parents should start. Tell your kids to think of this like a hashtag that is used on social media (if you don’t know what a #hashtag is, ask your kids or check out this description).

Ask your kids what their favorite song or video game is and make a passphrase out of it. For example: “iloveminecraftcreepers” is the start of a great passphrase that any kid that plays Minecraft would remember. Next, add a little more complexity with a special character like “!”. For their Minecraft login something like “iloveminecraftcreepers!” and one for a school account like “iloveminecraftcreepers@school!” You could even make a hashtag out of it by adding “#” in front of the passphrase. You’d be surprised how quickly kids can remember little phrases like these with little variations thrown in.

#3 Use a Password Manager or Generator

If you or your kids are more tech savvy or are starting to have more than just a few passphrases to remember, I recommend to start using a password manager. There are lots of these out there, like KeePass or LastPass. Most of these applications allow you to access your password vault on mobile devices as well. The one caveat to password managers is that you need a strong passphrase for your password vault. If this passphrase is compromised, all your passwords are potentially compromised as well, so keep this passphrase safe. Here’s a list of password managers I recommend which are fairly easy for kids to learn:

KeePass (free)

LastPass (free or $12 per year for the premium version)

mSecure Password Manager ($9 for the mobile version)

One other password solution which I found interesting is called PasswordCard. This is a randomly generated “card” which you can carry with you (or store someplace safe) to create and remember complex passwords. The caveat to this solution is that you have to make sure you don’t lose your card! For kids, this can be challenging, but they also have a mobile version of the card that can be stored on a mobile device. Your password card also has a “key” which is unique to your card so you can regenerate it if it’s lost. Just make sure you secure your key someplace safe.


With any password manager you choose, make sure you work with your kids to configure and use these applications. I highly recommend that you use these applications yourself first, because if you find that they are hard to use, your kids probably won’t figure them out either. J

Speaking of Mobile Devices…

Regardless if your kids are going to store a password vault on their mobile devices (or anything on their mobile devices for that matter) make sure they use a passcode to lock the device! Loss or theft of mobile devices at schools is extremely common! Make sure mobile device passcodes are at least 6 characters and not something simple like 123456. Also, make sure the device is erased after 10 failed attempts. You can find these settings in the “Settings” area of most mobile device operating systems. For more information check out my article on “Top 5 Security Settings for Apple iOS”.

Problems You Will Encounter

You and your kids will most likely run into problems with sites and services that

either don’t allow long passphrases or only allow specific characters in the passwords you use (shame on these sites by the way). My advice is to do the best you can. Sometimes you will have to make exceptions and create a long and a short passphrase, depending on the sites and services you encounter.

You’re the Parent, Do What Works for Your Family

Remember, whatever solution you choose needs to work for your family. Some parents feel that writing passwords down and storing them in a safe place works for them. For others, they may encourage their kids to use a password manager or have them memorize passphrases. Every family is different so choose what’s right for you and your kids.