Have you ever thought about the passwords that you use? Or that you give to your children?

In our school, to get on to the school network the children simply type their name without a password but for online services there are usually criteria to meet before a password can be allowed. Some services, such as Google Apps, require a secure password. So how do you get children to have a secure password but also to remember it too? What if the password needs to be over 8 characters long as well? That just makes it more complicated.

We started looking into this at school and came up with a few ideas.

1) Even if you do use the same password for everything, never tell anyone that you do. At least pretend that for each different site or service you have some ingenious way of remembering different passwords.

2) Show the children a common list of passwords. We found a site like this one. We then talked about why these were common passwords. The fact is, ‘123456’ or ‘qwerty’ are easy to type and remember.

3) We then discussed a strong password. Now Google (here) suggests taking a phrase, using the first letter of each of the words in the phrase and then replacing some with capitals and some with numbers. One example I saw was “to be or not to be that is the question” becoming “tbontbtitq” and then with the capitals, numbers and punctuation “2boN2btIt?” – but the thing is, your average seven-year-old (or teacher) will struggle to remember this.

So we used a site called How Secure is My Password┬áto investigate password strength. Simply type in your password and it will say how long it would take a computer to crack your password. Now…I “think this site is legit, but just in case, I would use the service on a school/public computer rather than your home one. Just in case it does track it. You can never be too careful can you?

So, if I type in a word, it gives me a time and the longer the better. Testing it with a random word such as “monkey” it tells me that it is in the top 20 most used passwords. Not good. I try “football” and that is in the top 10. Even worse. However if I combine them to make “monkeyfootball” then suddenly it would take 8thousand years to crack the password. Adding a capital “M” makes it 133 million years!

The children had a great time finding random words that they could spell and remember to create their new passwords. One thing to be aware of, the children will type in “words” such as skdjghkjsahgnfvjkbb just to see the silly numbers that the site produces.

It is well worth showing this site to staff too. We managed to get around 30minutes discussion and exploration with year 5/6 children and has led to them being much more aware of their passwords and the idea of secure and unsecure passwords. In fact during one lesson the head -teacher was showing potential parents around the school and they were amazed at the level of discussion from the children and promised to go home and check their own passwords!

Out of interest, the password for this blog would take 10 days to crack.

Edit (3/11/12) – The secure password site has had an update and has made some great improvements:

  • Colour coding – As you type your password, the site colour changes from red, to orange to (hopefully) green if your password is secure enough
  • More Details – It gives you more information about your password e.g. the number of combinations that are possible
  • Improvements – At the bottom it suggests ways to improve your password such as making it longer or adding punctuation