Password management for kids - what's a good way to start?Password management/synchronization?Password Management within an OrganisationFOSS Enterprise Password Management SolutionWeb browser password management securitySecure password managementPassword managementPassword management: how an administrator should reset password for a user?Best way to store a password for web appAn idea for a universal password management standardVirgin air-gapped devices and password management
How should I save/invest for my son
In the Schrödinger equation, can I have a Hamiltonian without a kinetic term?
How can you tell the version of Ubuntu on a system in a .sh (bash) script?
If I buy and download a game through second Nintendo account do I own it on my main account too?
What is my clock telling me to do?
Was Donald Trump at ground zero helping out on 9-11?
What Marvel character has this 'W' symbol?
How can I convert a linear narrative into a branching narrative?
What force enables us to walk? Friction or normal reaction?
Can you remove a blindfold using the Telekinesis spell?
Why “deal 6 damage” is a legit phrase?
How and when is the best time to reveal to new hires you are trans?
How do I make my photos have more impact?
What would the United Kingdom's "optimal" Brexit deal look like?
Can machine learning learn a function like finding maximum from a list?
Is it possible to tell if a child will turn into a Hag?
Academic progression in Germany, what happens after a postdoc? What is the next step?
Best Ergonomic Design for a handheld ranged weapon
How can I type the name of the person I'm calling on the dial pad and make the call?
What is the oxidation state of Mn in HMn(CO)5?
Should I intervene when a colleague in a different department makes students run laps as part of their grade?
How to remove rebar passing through an inaccessible pipe
Why does the Rust compiler not optimize code assuming that two mutable references cannot alias?
Avoiding Implicit Conversion in Constructor. Explicit keyword doesn't help here
Password management for kids - what's a good way to start?
Password management/synchronization?Password Management within an OrganisationFOSS Enterprise Password Management SolutionWeb browser password management securitySecure password managementPassword managementPassword management: how an administrator should reset password for a user?Best way to store a password for web appAn idea for a universal password management standardVirgin air-gapped devices and password management
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
Consider a young (primary-school age) child who is starting to collect passwords for online services. How can a parent (or equivalent) help them manage their passwords?
An example to make things clearer: My daughter might want to log on to http://scratch.mit.edu from several locations/devices to show her projects to the family. She also has a couple of email addresses, one of which she's likely to be using herself soon (under supervision). While her own device will be logged in, she may need access from others.
So far I take care of it for her: I know her password and (pseudonymous) user ID, and store them in my KeePass. That's appropriate at this stage, but it's not much help if she needs them without me (short of sending login details in plaintext to her grandparents, for example). There should also be a solution that doesn't require me to possess these details, from the point of view of sticking to the general rule of keeping your login details secret. Memorising a really strong master password is probably a bit much to ask, and she's likely to mislay any physical storage.
I like to plan ahead, so moving forwards: What's the best approach to take for a young, fairly bright child, to keep logins safe and train good practice in advance of more important accounts?
password-management
asked 8 hours ago
Chris HChris H
2,9589 silver badges20 bronze badges
add a comment |
Consider a young (primary-school age) child who is starting to collect passwords for online services. How can a parent (or equivalent) help them manage their passwords?
An example to make things clearer: My daughter might want to log on to http://scratch.mit.edu from several locations/devices to show her projects to the family. She also has a couple of email addresses, one of which she's likely to be using herself soon (under supervision). While her own device will be logged in, she may need access from others.
So far I take care of it for her: I know her password and (pseudonymous) user ID, and store them in my KeePass. That's appropriate at this stage, but it's not much help if she needs them without me (short of sending login details in plaintext to her grandparents, for example). There should also be a solution that doesn't require me to possess these details, from the point of view of sticking to the general rule of keeping your login details secret. Memorising a really strong master password is probably a bit much to ask, and she's likely to mislay any physical storage.
I like to plan ahead, so moving forwards: What's the best approach to take for a young, fairly bright child, to keep logins safe and train good practice in advance of more important accounts?
password-management
asked 8 hours ago
Chris HChris H
2,9589 silver badges20 bronze badges
2
We've had a good few questions on password management in general, but I don't believe we've dealt with the aspects specific to kids: training and the fact they're kids.
– Chris H
8 hours ago
Great question! What sort of age range are you thinking of?
– Anders
8 hours ago
2
@Anders our edits crossed, but I've added a deliberately vague "primary age". In my case the early half of that - she's a little young for scratch but is starting to enjoy it
– Chris H
8 hours ago
add a comment |
Consider a young (primary-school age) child who is starting to collect passwords for online services. How can a parent (or equivalent) help them manage their passwords?
An example to make things clearer: My daughter might want to log on to http://scratch.mit.edu from several locations/devices to show her projects to the family. She also has a couple of email addresses, one of which she's likely to be using herself soon (under supervision). While her own device will be logged in, she may need access from others.
So far I take care of it for her: I know her password and (pseudonymous) user ID, and store them in my KeePass. That's appropriate at this stage, but it's not much help if she needs them without me (short of sending login details in plaintext to her grandparents, for example). There should also be a solution that doesn't require me to possess these details, from the point of view of sticking to the general rule of keeping your login details secret. Memorising a really strong master password is probably a bit much to ask, and she's likely to mislay any physical storage.
I like to plan ahead, so moving forwards: What's the best approach to take for a young, fairly bright child, to keep logins safe and train good practice in advance of more important accounts?
password-management
asked 8 hours ago
Chris HChris H
2,9589 silver badges20 bronze badges
Consider a young (primary-school age) child who is starting to collect passwords for online services. How can a parent (or equivalent) help them manage their passwords?
An example to make things clearer: My daughter might want to log on to http://scratch.mit.edu from several locations/devices to show her projects to the family. She also has a couple of email addresses, one of which she's likely to be using herself soon (under supervision). While her own device will be logged in, she may need access from others.
So far I take care of it for her: I know her password and (pseudonymous) user ID, and store them in my KeePass. That's appropriate at this stage, but it's not much help if she needs them without me (short of sending login details in plaintext to her grandparents, for example). There should also be a solution that doesn't require me to possess these details, from the point of view of sticking to the general rule of keeping your login details secret. Memorising a really strong master password is probably a bit much to ask, and she's likely to mislay any physical storage.
I like to plan ahead, so moving forwards: What's the best approach to take for a young, fairly bright child, to keep logins safe and train good practice in advance of more important accounts?
password-management
password-management
asked 8 hours ago
Chris HChris H
2,9589 silver badges20 bronze badges
asked 8 hours ago
Chris HChris H
2,9589 silver badges20 bronze badges
edited 8 hours ago
Chris H
asked 8 hours ago
Chris HChris H
2,9589 silver badges20 bronze badges
asked 8 hours ago
Chris HChris H
2,9589 silver badges20 bronze badges
asked 8 hours ago
Chris HChris H
2,9589 silver badges20 bronze badges
2,9589 silver badges20 bronze badges
2
We've had a good few questions on password management in general, but I don't believe we've dealt with the aspects specific to kids: training and the fact they're kids.
– Chris H
8 hours ago
Great question! What sort of age range are you thinking of?
– Anders
8 hours ago
2
@Anders our edits crossed, but I've added a deliberately vague "primary age". In my case the early half of that - she's a little young for scratch but is starting to enjoy it
– Chris H
8 hours ago
add a comment |
2
We've had a good few questions on password management in general, but I don't believe we've dealt with the aspects specific to kids: training and the fact they're kids.
– Chris H
8 hours ago
Great question! What sort of age range are you thinking of?
– Anders
8 hours ago
2
@Anders our edits crossed, but I've added a deliberately vague "primary age". In my case the early half of that - she's a little young for scratch but is starting to enjoy it
– Chris H
8 hours ago
2
2
We've had a good few questions on password management in general, but I don't believe we've dealt with the aspects specific to kids: training and the fact they're kids.
– Chris H
8 hours ago
We've had a good few questions on password management in general, but I don't believe we've dealt with the aspects specific to kids: training and the fact they're kids.
– Chris H
8 hours ago
Great question! What sort of age range are you thinking of?
– Anders
8 hours ago
Great question! What sort of age range are you thinking of?
– Anders
8 hours ago
2
2
@Anders our edits crossed, but I've added a deliberately vague "primary age". In my case the early half of that - she's a little young for scratch but is starting to enjoy it
– Chris H
8 hours ago
@Anders our edits crossed, but I've added a deliberately vague "primary age". In my case the early half of that - she's a little young for scratch but is starting to enjoy it
– Chris H
8 hours ago
add a comment |
3 Answers
3
active
oldest
votes
Maybe the lesson for children should be less about how to use tools to manage a password, and more about understanding why managing passwords is important?
Let them write their passwords in a notebook. Have fun with devising a method for obfuscation in case the notebook is lost. Teach them about backups- keeping a copy someplace safe. In my experience, kids and old people are a lot alike when it comes to password (mis)management
Until they were skilled enough to manage their own passwd database, i also kept the kids logins in a "family KeePass". This is the same one where the aged family members stuff is- because people die and sometimes you need to recover things for otherwise unable people. The trust/risk calculus is different in a family group than in a work or social circle. There is also a difference between sharing access to a password and sharing a password.
It is awesome that you are thinking about this early. good luck!
answered 8 hours ago
not_very_nicenot_very_nice
411 bronze badge
New contributor
not_very_nice is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
I'm not sure why this was downvoted... Possibly because of the advice to write passwords down. While not great advice, it's not the worst advice either, and is orders of magnitude better than reusing passwords. Especially if the passwords are obfuscated. (Hopefully a child isn't the target of a state-level-actor. ;-) )
– Ghedipunk
7 hours ago
1
@Ghedipunk obfuscation may be a little optimistic and kids are prone to losing things (and trying to solve the puzzles in their friends' notebooks for ill-advised pranks). But scepticism about one point didn't make a negative for me (+1 in fact)
– Chris H
7 hours ago
add a comment |
"Logging in from multiple devices" if you do not own them, is one habit that would need to be stopped for general security.
Once you own all the devices in the scenario, one method that I saw for young people that was useful is to avoid dealing with passwords altogether: use the "forgot password" process.
If the device is owned and access to email is on the device, then you simply request a password reset link and use that. Nothing to remember.
Another method is to use an online, family password manager (LastPass has this feature, for instance). This feature is designed specifically for this problem, but it has a cost, and you might not like the cloud storage and multi-device syncing. But having this and managing it for your child might be worth it.
You could also teach a strong password pattern. Yes, patterns have an inherent and obvious vulnerability, but it is a method that can be considered for your personal risk assessment.
I'm a fan of the "password reset" process, myself.
answered 8 hours ago
schroeder♦schroeder
84.1k34 gold badges188 silver badges225 bronze badges
Multiple devices - still true even if we restrict to immediate family (i.e. those who manage her devices). I will open that up to trusted (by me and her) adults who have complete physical access to her devices (e.g. grandparents). Restricting it beyond that is pointless paranoia and at odds with advice regarding a child's physical safety. Your blanket statement is still an unrealistic ideal - the days of "you must check in on a device capable of printing no more than 24 hours in advance" and similar stupid processes aren't completely gone.
– Chris H
7 hours ago
"forgot password" is a nice idea, though for some services it still takes ages and I'm looking at ways of restricting her email so I review mystery senders. It doesn't (and neither does an online service) deal with the boot password for my desktop, on which she has her own account
– Chris H
7 hours ago
You might need to edit your question to include the scope of the types of accounts you need to account for. Your example was for online services. If you include physical devices, then you are left with either simple memory, or alternate login options, which is beyond the scope of your desire for "password management".
– schroeder♦
6 hours ago
I actually have a big problem with my child logging into her grandparent's devices. Just because they have full control of the devices my child does, does not make the grandparent's devices trusted, secure, or safe.
– schroeder♦
6 hours ago
I have mixed feelings. Without going into too much detail, some I trust as I would my own, but others - let's just say I haven't had to fix them for a while. The physical devices came in mainly as an illustration of comparable issues, and aren't meant to be part of the real question. The boot password was maybe a red herring - after all, her access to that machine is supervised and under my control.
– Chris H
6 hours ago
add a comment |
Now i am not sure if i am right but i think teaching basic mnemonic techniques to kids seems like a wonderful idea to me.Its a skill that will help her lifelong and will also aid in avoiding writing down any passwords and low entropy password.Consider a 10 digit gibberish password such as 1kej@!lej2 .This could be easily remember if you just made up a story by using characters of the password.Schroeder's advice also seems good to be honest.You could also teach her in time "how to generate passwords with sufficient entropy" and use a password manager.Until then mnemonics should do fine for kids.They have a vivid imagination
answered 7 hours ago
Vipul NairVipul Nair
1,6071 gold badge5 silver badges17 bronze badges
It's a nice idea, and works for a few passwords, but I can't remember more than a handful that way. It seems optimistic to expect this approach to last long given how many passwords people acquire.
– Chris H
7 hours ago
1
"Memorising a really strong master password is probably a bit much to ask".I was pretty much commenting on this one actually.But you are right trying to remember 30-35 tough password's even with mnemonics is rather tough/impossible.
– Vipul Nair
7 hours ago
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f214492%2fpassword-management-for-kids-whats-a-good-way-to-start%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
Maybe the lesson for children should be less about how to use tools to manage a password, and more about understanding why managing passwords is important?
Let them write their passwords in a notebook. Have fun with devising a method for obfuscation in case the notebook is lost. Teach them about backups- keeping a copy someplace safe. In my experience, kids and old people are a lot alike when it comes to password (mis)management
Until they were skilled enough to manage their own passwd database, i also kept the kids logins in a "family KeePass". This is the same one where the aged family members stuff is- because people die and sometimes you need to recover things for otherwise unable people. The trust/risk calculus is different in a family group than in a work or social circle. There is also a difference between sharing access to a password and sharing a password.
It is awesome that you are thinking about this early. good luck!
answered 8 hours ago
not_very_nicenot_very_nice
411 bronze badge
New contributor
not_very_nice is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
I'm not sure why this was downvoted... Possibly because of the advice to write passwords down. While not great advice, it's not the worst advice either, and is orders of magnitude better than reusing passwords. Especially if the passwords are obfuscated. (Hopefully a child isn't the target of a state-level-actor. ;-) )
– Ghedipunk
7 hours ago
1
@Ghedipunk obfuscation may be a little optimistic and kids are prone to losing things (and trying to solve the puzzles in their friends' notebooks for ill-advised pranks). But scepticism about one point didn't make a negative for me (+1 in fact)
– Chris H
7 hours ago
add a comment |
Maybe the lesson for children should be less about how to use tools to manage a password, and more about understanding why managing passwords is important?
Let them write their passwords in a notebook. Have fun with devising a method for obfuscation in case the notebook is lost. Teach them about backups- keeping a copy someplace safe. In my experience, kids and old people are a lot alike when it comes to password (mis)management
Until they were skilled enough to manage their own passwd database, i also kept the kids logins in a "family KeePass". This is the same one where the aged family members stuff is- because people die and sometimes you need to recover things for otherwise unable people. The trust/risk calculus is different in a family group than in a work or social circle. There is also a difference between sharing access to a password and sharing a password.
It is awesome that you are thinking about this early. good luck!
answered 8 hours ago
not_very_nicenot_very_nice
411 bronze badge
New contributor
not_very_nice is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
I'm not sure why this was downvoted... Possibly because of the advice to write passwords down. While not great advice, it's not the worst advice either, and is orders of magnitude better than reusing passwords. Especially if the passwords are obfuscated. (Hopefully a child isn't the target of a state-level-actor. ;-) )
– Ghedipunk
7 hours ago
1
@Ghedipunk obfuscation may be a little optimistic and kids are prone to losing things (and trying to solve the puzzles in their friends' notebooks for ill-advised pranks). But scepticism about one point didn't make a negative for me (+1 in fact)
– Chris H
7 hours ago
add a comment |
Maybe the lesson for children should be less about how to use tools to manage a password, and more about understanding why managing passwords is important?
Let them write their passwords in a notebook. Have fun with devising a method for obfuscation in case the notebook is lost. Teach them about backups- keeping a copy someplace safe. In my experience, kids and old people are a lot alike when it comes to password (mis)management
Until they were skilled enough to manage their own passwd database, i also kept the kids logins in a "family KeePass". This is the same one where the aged family members stuff is- because people die and sometimes you need to recover things for otherwise unable people. The trust/risk calculus is different in a family group than in a work or social circle. There is also a difference between sharing access to a password and sharing a password.
It is awesome that you are thinking about this early. good luck!
answered 8 hours ago
not_very_nicenot_very_nice
411 bronze badge
New contributor
not_very_nice is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Maybe the lesson for children should be less about how to use tools to manage a password, and more about understanding why managing passwords is important?
Let them write their passwords in a notebook. Have fun with devising a method for obfuscation in case the notebook is lost. Teach them about backups- keeping a copy someplace safe. In my experience, kids and old people are a lot alike when it comes to password (mis)management
Until they were skilled enough to manage their own passwd database, i also kept the kids logins in a "family KeePass". This is the same one where the aged family members stuff is- because people die and sometimes you need to recover things for otherwise unable people. The trust/risk calculus is different in a family group than in a work or social circle. There is also a difference between sharing access to a password and sharing a password.
It is awesome that you are thinking about this early. good luck!
answered 8 hours ago
not_very_nicenot_very_nice
411 bronze badge
New contributor
not_very_nice is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 8 hours ago
not_very_nicenot_very_nice
411 bronze badge
New contributor
not_very_nice is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 8 hours ago
not_very_nicenot_very_nice
411 bronze badge
answered 8 hours ago
not_very_nicenot_very_nice
411 bronze badge
411 bronze badge
New contributor
not_very_nice is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
not_very_nice is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
1
I'm not sure why this was downvoted... Possibly because of the advice to write passwords down. While not great advice, it's not the worst advice either, and is orders of magnitude better than reusing passwords. Especially if the passwords are obfuscated. (Hopefully a child isn't the target of a state-level-actor. ;-) )
– Ghedipunk
7 hours ago
1
@Ghedipunk obfuscation may be a little optimistic and kids are prone to losing things (and trying to solve the puzzles in their friends' notebooks for ill-advised pranks). But scepticism about one point didn't make a negative for me (+1 in fact)
– Chris H
7 hours ago
add a comment |
1
I'm not sure why this was downvoted... Possibly because of the advice to write passwords down. While not great advice, it's not the worst advice either, and is orders of magnitude better than reusing passwords. Especially if the passwords are obfuscated. (Hopefully a child isn't the target of a state-level-actor. ;-) )
– Ghedipunk
7 hours ago
1
@Ghedipunk obfuscation may be a little optimistic and kids are prone to losing things (and trying to solve the puzzles in their friends' notebooks for ill-advised pranks). But scepticism about one point didn't make a negative for me (+1 in fact)
– Chris H
7 hours ago
1
1
I'm not sure why this was downvoted... Possibly because of the advice to write passwords down. While not great advice, it's not the worst advice either, and is orders of magnitude better than reusing passwords. Especially if the passwords are obfuscated. (Hopefully a child isn't the target of a state-level-actor. ;-) )
– Ghedipunk
7 hours ago
I'm not sure why this was downvoted... Possibly because of the advice to write passwords down. While not great advice, it's not the worst advice either, and is orders of magnitude better than reusing passwords. Especially if the passwords are obfuscated. (Hopefully a child isn't the target of a state-level-actor. ;-) )
– Ghedipunk
7 hours ago
1
1
@Ghedipunk obfuscation may be a little optimistic and kids are prone to losing things (and trying to solve the puzzles in their friends' notebooks for ill-advised pranks). But scepticism about one point didn't make a negative for me (+1 in fact)
– Chris H
7 hours ago
@Ghedipunk obfuscation may be a little optimistic and kids are prone to losing things (and trying to solve the puzzles in their friends' notebooks for ill-advised pranks). But scepticism about one point didn't make a negative for me (+1 in fact)
– Chris H
7 hours ago
add a comment |
"Logging in from multiple devices" if you do not own them, is one habit that would need to be stopped for general security.
Once you own all the devices in the scenario, one method that I saw for young people that was useful is to avoid dealing with passwords altogether: use the "forgot password" process.
If the device is owned and access to email is on the device, then you simply request a password reset link and use that. Nothing to remember.
Another method is to use an online, family password manager (LastPass has this feature, for instance). This feature is designed specifically for this problem, but it has a cost, and you might not like the cloud storage and multi-device syncing. But having this and managing it for your child might be worth it.
You could also teach a strong password pattern. Yes, patterns have an inherent and obvious vulnerability, but it is a method that can be considered for your personal risk assessment.
I'm a fan of the "password reset" process, myself.
answered 8 hours ago
schroeder♦schroeder
84.1k34 gold badges188 silver badges225 bronze badges
Multiple devices - still true even if we restrict to immediate family (i.e. those who manage her devices). I will open that up to trusted (by me and her) adults who have complete physical access to her devices (e.g. grandparents). Restricting it beyond that is pointless paranoia and at odds with advice regarding a child's physical safety. Your blanket statement is still an unrealistic ideal - the days of "you must check in on a device capable of printing no more than 24 hours in advance" and similar stupid processes aren't completely gone.
– Chris H
7 hours ago
"forgot password" is a nice idea, though for some services it still takes ages and I'm looking at ways of restricting her email so I review mystery senders. It doesn't (and neither does an online service) deal with the boot password for my desktop, on which she has her own account
– Chris H
7 hours ago
You might need to edit your question to include the scope of the types of accounts you need to account for. Your example was for online services. If you include physical devices, then you are left with either simple memory, or alternate login options, which is beyond the scope of your desire for "password management".
– schroeder♦
6 hours ago
I actually have a big problem with my child logging into her grandparent's devices. Just because they have full control of the devices my child does, does not make the grandparent's devices trusted, secure, or safe.
– schroeder♦
6 hours ago
I have mixed feelings. Without going into too much detail, some I trust as I would my own, but others - let's just say I haven't had to fix them for a while. The physical devices came in mainly as an illustration of comparable issues, and aren't meant to be part of the real question. The boot password was maybe a red herring - after all, her access to that machine is supervised and under my control.
– Chris H
6 hours ago
add a comment |
"Logging in from multiple devices" if you do not own them, is one habit that would need to be stopped for general security.
Once you own all the devices in the scenario, one method that I saw for young people that was useful is to avoid dealing with passwords altogether: use the "forgot password" process.
If the device is owned and access to email is on the device, then you simply request a password reset link and use that. Nothing to remember.
Another method is to use an online, family password manager (LastPass has this feature, for instance). This feature is designed specifically for this problem, but it has a cost, and you might not like the cloud storage and multi-device syncing. But having this and managing it for your child might be worth it.
You could also teach a strong password pattern. Yes, patterns have an inherent and obvious vulnerability, but it is a method that can be considered for your personal risk assessment.
I'm a fan of the "password reset" process, myself.
answered 8 hours ago
schroeder♦schroeder
84.1k34 gold badges188 silver badges225 bronze badges
Multiple devices - still true even if we restrict to immediate family (i.e. those who manage her devices). I will open that up to trusted (by me and her) adults who have complete physical access to her devices (e.g. grandparents). Restricting it beyond that is pointless paranoia and at odds with advice regarding a child's physical safety. Your blanket statement is still an unrealistic ideal - the days of "you must check in on a device capable of printing no more than 24 hours in advance" and similar stupid processes aren't completely gone.
– Chris H
7 hours ago
"forgot password" is a nice idea, though for some services it still takes ages and I'm looking at ways of restricting her email so I review mystery senders. It doesn't (and neither does an online service) deal with the boot password for my desktop, on which she has her own account
– Chris H
7 hours ago
You might need to edit your question to include the scope of the types of accounts you need to account for. Your example was for online services. If you include physical devices, then you are left with either simple memory, or alternate login options, which is beyond the scope of your desire for "password management".
– schroeder♦
6 hours ago
I actually have a big problem with my child logging into her grandparent's devices. Just because they have full control of the devices my child does, does not make the grandparent's devices trusted, secure, or safe.
– schroeder♦
6 hours ago
I have mixed feelings. Without going into too much detail, some I trust as I would my own, but others - let's just say I haven't had to fix them for a while. The physical devices came in mainly as an illustration of comparable issues, and aren't meant to be part of the real question. The boot password was maybe a red herring - after all, her access to that machine is supervised and under my control.
– Chris H
6 hours ago
add a comment |
"Logging in from multiple devices" if you do not own them, is one habit that would need to be stopped for general security.
Once you own all the devices in the scenario, one method that I saw for young people that was useful is to avoid dealing with passwords altogether: use the "forgot password" process.
If the device is owned and access to email is on the device, then you simply request a password reset link and use that. Nothing to remember.
Another method is to use an online, family password manager (LastPass has this feature, for instance). This feature is designed specifically for this problem, but it has a cost, and you might not like the cloud storage and multi-device syncing. But having this and managing it for your child might be worth it.
You could also teach a strong password pattern. Yes, patterns have an inherent and obvious vulnerability, but it is a method that can be considered for your personal risk assessment.
I'm a fan of the "password reset" process, myself.
answered 8 hours ago
schroeder♦schroeder
84.1k34 gold badges188 silver badges225 bronze badges
"Logging in from multiple devices" if you do not own them, is one habit that would need to be stopped for general security.
Once you own all the devices in the scenario, one method that I saw for young people that was useful is to avoid dealing with passwords altogether: use the "forgot password" process.
If the device is owned and access to email is on the device, then you simply request a password reset link and use that. Nothing to remember.
Another method is to use an online, family password manager (LastPass has this feature, for instance). This feature is designed specifically for this problem, but it has a cost, and you might not like the cloud storage and multi-device syncing. But having this and managing it for your child might be worth it.
You could also teach a strong password pattern. Yes, patterns have an inherent and obvious vulnerability, but it is a method that can be considered for your personal risk assessment.
I'm a fan of the "password reset" process, myself.
answered 8 hours ago
schroeder♦schroeder
84.1k34 gold badges188 silver badges225 bronze badges
answered 8 hours ago
schroeder♦schroeder
84.1k34 gold badges188 silver badges225 bronze badges
answered 8 hours ago
schroeder♦schroeder
84.1k34 gold badges188 silver badges225 bronze badges
answered 8 hours ago
schroeder♦schroeder
84.1k34 gold badges188 silver badges225 bronze badges
84.1k34 gold badges188 silver badges225 bronze badges
Multiple devices - still true even if we restrict to immediate family (i.e. those who manage her devices). I will open that up to trusted (by me and her) adults who have complete physical access to her devices (e.g. grandparents). Restricting it beyond that is pointless paranoia and at odds with advice regarding a child's physical safety. Your blanket statement is still an unrealistic ideal - the days of "you must check in on a device capable of printing no more than 24 hours in advance" and similar stupid processes aren't completely gone.
– Chris H
7 hours ago
"forgot password" is a nice idea, though for some services it still takes ages and I'm looking at ways of restricting her email so I review mystery senders. It doesn't (and neither does an online service) deal with the boot password for my desktop, on which she has her own account
– Chris H
7 hours ago
You might need to edit your question to include the scope of the types of accounts you need to account for. Your example was for online services. If you include physical devices, then you are left with either simple memory, or alternate login options, which is beyond the scope of your desire for "password management".
– schroeder♦
6 hours ago
I actually have a big problem with my child logging into her grandparent's devices. Just because they have full control of the devices my child does, does not make the grandparent's devices trusted, secure, or safe.
– schroeder♦
6 hours ago
I have mixed feelings. Without going into too much detail, some I trust as I would my own, but others - let's just say I haven't had to fix them for a while. The physical devices came in mainly as an illustration of comparable issues, and aren't meant to be part of the real question. The boot password was maybe a red herring - after all, her access to that machine is supervised and under my control.
– Chris H
6 hours ago
add a comment |
Multiple devices - still true even if we restrict to immediate family (i.e. those who manage her devices). I will open that up to trusted (by me and her) adults who have complete physical access to her devices (e.g. grandparents). Restricting it beyond that is pointless paranoia and at odds with advice regarding a child's physical safety. Your blanket statement is still an unrealistic ideal - the days of "you must check in on a device capable of printing no more than 24 hours in advance" and similar stupid processes aren't completely gone.
– Chris H
7 hours ago
"forgot password" is a nice idea, though for some services it still takes ages and I'm looking at ways of restricting her email so I review mystery senders. It doesn't (and neither does an online service) deal with the boot password for my desktop, on which she has her own account
– Chris H
7 hours ago
You might need to edit your question to include the scope of the types of accounts you need to account for. Your example was for online services. If you include physical devices, then you are left with either simple memory, or alternate login options, which is beyond the scope of your desire for "password management".
– schroeder♦
6 hours ago
I actually have a big problem with my child logging into her grandparent's devices. Just because they have full control of the devices my child does, does not make the grandparent's devices trusted, secure, or safe.
– schroeder♦
6 hours ago
I have mixed feelings. Without going into too much detail, some I trust as I would my own, but others - let's just say I haven't had to fix them for a while. The physical devices came in mainly as an illustration of comparable issues, and aren't meant to be part of the real question. The boot password was maybe a red herring - after all, her access to that machine is supervised and under my control.
– Chris H
6 hours ago
Multiple devices - still true even if we restrict to immediate family (i.e. those who manage her devices). I will open that up to trusted (by me and her) adults who have complete physical access to her devices (e.g. grandparents). Restricting it beyond that is pointless paranoia and at odds with advice regarding a child's physical safety. Your blanket statement is still an unrealistic ideal - the days of "you must check in on a device capable of printing no more than 24 hours in advance" and similar stupid processes aren't completely gone.
– Chris H
7 hours ago
Multiple devices - still true even if we restrict to immediate family (i.e. those who manage her devices). I will open that up to trusted (by me and her) adults who have complete physical access to her devices (e.g. grandparents). Restricting it beyond that is pointless paranoia and at odds with advice regarding a child's physical safety. Your blanket statement is still an unrealistic ideal - the days of "you must check in on a device capable of printing no more than 24 hours in advance" and similar stupid processes aren't completely gone.
– Chris H
7 hours ago
"forgot password" is a nice idea, though for some services it still takes ages and I'm looking at ways of restricting her email so I review mystery senders. It doesn't (and neither does an online service) deal with the boot password for my desktop, on which she has her own account
– Chris H
7 hours ago
"forgot password" is a nice idea, though for some services it still takes ages and I'm looking at ways of restricting her email so I review mystery senders. It doesn't (and neither does an online service) deal with the boot password for my desktop, on which she has her own account
– Chris H
7 hours ago
You might need to edit your question to include the scope of the types of accounts you need to account for. Your example was for online services. If you include physical devices, then you are left with either simple memory, or alternate login options, which is beyond the scope of your desire for "password management".
– schroeder♦
6 hours ago
You might need to edit your question to include the scope of the types of accounts you need to account for. Your example was for online services. If you include physical devices, then you are left with either simple memory, or alternate login options, which is beyond the scope of your desire for "password management".
– schroeder♦
6 hours ago
I actually have a big problem with my child logging into her grandparent's devices. Just because they have full control of the devices my child does, does not make the grandparent's devices trusted, secure, or safe.
– schroeder♦
6 hours ago
I actually have a big problem with my child logging into her grandparent's devices. Just because they have full control of the devices my child does, does not make the grandparent's devices trusted, secure, or safe.
– schroeder♦
6 hours ago
I have mixed feelings. Without going into too much detail, some I trust as I would my own, but others - let's just say I haven't had to fix them for a while. The physical devices came in mainly as an illustration of comparable issues, and aren't meant to be part of the real question. The boot password was maybe a red herring - after all, her access to that machine is supervised and under my control.
– Chris H
6 hours ago
I have mixed feelings. Without going into too much detail, some I trust as I would my own, but others - let's just say I haven't had to fix them for a while. The physical devices came in mainly as an illustration of comparable issues, and aren't meant to be part of the real question. The boot password was maybe a red herring - after all, her access to that machine is supervised and under my control.
– Chris H
6 hours ago
add a comment |
Now i am not sure if i am right but i think teaching basic mnemonic techniques to kids seems like a wonderful idea to me.Its a skill that will help her lifelong and will also aid in avoiding writing down any passwords and low entropy password.Consider a 10 digit gibberish password such as 1kej@!lej2 .This could be easily remember if you just made up a story by using characters of the password.Schroeder's advice also seems good to be honest.You could also teach her in time "how to generate passwords with sufficient entropy" and use a password manager.Until then mnemonics should do fine for kids.They have a vivid imagination
answered 7 hours ago
Vipul NairVipul Nair
1,6071 gold badge5 silver badges17 bronze badges
It's a nice idea, and works for a few passwords, but I can't remember more than a handful that way. It seems optimistic to expect this approach to last long given how many passwords people acquire.
– Chris H
7 hours ago
1
"Memorising a really strong master password is probably a bit much to ask".I was pretty much commenting on this one actually.But you are right trying to remember 30-35 tough password's even with mnemonics is rather tough/impossible.
– Vipul Nair
7 hours ago
add a comment |
Now i am not sure if i am right but i think teaching basic mnemonic techniques to kids seems like a wonderful idea to me.Its a skill that will help her lifelong and will also aid in avoiding writing down any passwords and low entropy password.Consider a 10 digit gibberish password such as 1kej@!lej2 .This could be easily remember if you just made up a story by using characters of the password.Schroeder's advice also seems good to be honest.You could also teach her in time "how to generate passwords with sufficient entropy" and use a password manager.Until then mnemonics should do fine for kids.They have a vivid imagination
answered 7 hours ago
Vipul NairVipul Nair
1,6071 gold badge5 silver badges17 bronze badges
It's a nice idea, and works for a few passwords, but I can't remember more than a handful that way. It seems optimistic to expect this approach to last long given how many passwords people acquire.
– Chris H
7 hours ago
1
"Memorising a really strong master password is probably a bit much to ask".I was pretty much commenting on this one actually.But you are right trying to remember 30-35 tough password's even with mnemonics is rather tough/impossible.
– Vipul Nair
7 hours ago
add a comment |
Now i am not sure if i am right but i think teaching basic mnemonic techniques to kids seems like a wonderful idea to me.Its a skill that will help her lifelong and will also aid in avoiding writing down any passwords and low entropy password.Consider a 10 digit gibberish password such as 1kej@!lej2 .This could be easily remember if you just made up a story by using characters of the password.Schroeder's advice also seems good to be honest.You could also teach her in time "how to generate passwords with sufficient entropy" and use a password manager.Until then mnemonics should do fine for kids.They have a vivid imagination
answered 7 hours ago
Vipul NairVipul Nair
1,6071 gold badge5 silver badges17 bronze badges
Now i am not sure if i am right but i think teaching basic mnemonic techniques to kids seems like a wonderful idea to me.Its a skill that will help her lifelong and will also aid in avoiding writing down any passwords and low entropy password.Consider a 10 digit gibberish password such as 1kej@!lej2 .This could be easily remember if you just made up a story by using characters of the password.Schroeder's advice also seems good to be honest.You could also teach her in time "how to generate passwords with sufficient entropy" and use a password manager.Until then mnemonics should do fine for kids.They have a vivid imagination
answered 7 hours ago
Vipul NairVipul Nair
1,6071 gold badge5 silver badges17 bronze badges
answered 7 hours ago
Vipul NairVipul Nair
1,6071 gold badge5 silver badges17 bronze badges
answered 7 hours ago
Vipul NairVipul Nair
1,6071 gold badge5 silver badges17 bronze badges
answered 7 hours ago
Vipul NairVipul Nair
1,6071 gold badge5 silver badges17 bronze badges
1,6071 gold badge5 silver badges17 bronze badges
It's a nice idea, and works for a few passwords, but I can't remember more than a handful that way. It seems optimistic to expect this approach to last long given how many passwords people acquire.
– Chris H
7 hours ago
1
"Memorising a really strong master password is probably a bit much to ask".I was pretty much commenting on this one actually.But you are right trying to remember 30-35 tough password's even with mnemonics is rather tough/impossible.
– Vipul Nair
7 hours ago
add a comment |
It's a nice idea, and works for a few passwords, but I can't remember more than a handful that way. It seems optimistic to expect this approach to last long given how many passwords people acquire.
– Chris H
7 hours ago
1
"Memorising a really strong master password is probably a bit much to ask".I was pretty much commenting on this one actually.But you are right trying to remember 30-35 tough password's even with mnemonics is rather tough/impossible.
– Vipul Nair
7 hours ago
It's a nice idea, and works for a few passwords, but I can't remember more than a handful that way. It seems optimistic to expect this approach to last long given how many passwords people acquire.
– Chris H
7 hours ago
It's a nice idea, and works for a few passwords, but I can't remember more than a handful that way. It seems optimistic to expect this approach to last long given how many passwords people acquire.
– Chris H
7 hours ago
1
1
"Memorising a really strong master password is probably a bit much to ask".I was pretty much commenting on this one actually.But you are right trying to remember 30-35 tough password's even with mnemonics is rather tough/impossible.
– Vipul Nair
7 hours ago
"Memorising a really strong master password is probably a bit much to ask".I was pretty much commenting on this one actually.But you are right trying to remember 30-35 tough password's even with mnemonics is rather tough/impossible.
– Vipul Nair
7 hours ago
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f214492%2fpassword-management-for-kids-whats-a-good-way-to-start%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
2
We've had a good few questions on password management in general, but I don't believe we've dealt with the aspects specific to kids: training and the fact they're kids.
– Chris H
8 hours ago
Great question! What sort of age range are you thinking of?
– Anders
8 hours ago
2
@Anders our edits crossed, but I've added a deliberately vague "primary age". In my case the early half of that - she's a little young for scratch but is starting to enjoy it
– Chris H
8 hours ago