The NIST has conducted a survey to gain more insight into the password habits of children. The organization noted that while passwords are a major cybersecurity concern amongst adults, there is comparatively little research into the password habits of the younger generation.
The problem is that today’s children spend just as much time online as their parents, with two-thirds of parents reporting that their child has access to a tablet, and one-third reporting that their child was under the age of five when they first used a smartphone. Cybercriminals, of course, do not differentiate between adults and children, which means that kids are facing the same cyberthreats as adult consumers.
Thankfully, there is some evidence to suggest that children are learning how to protect themselves. The survey itself polled more than 1,500 children between the ages of eight and 18. Those between third and fifth grade received the same questions as those between sixth and 12th grade, but with slightly different wording to account for age and language comprehension.
In their responses, the children indicated that they are aware of many cybersecurity best practices. For example, they know that they should memorize passwords instead of writing them down, and that they should log out after completing an online session. The passwords they used also got more sophisticated as they got older, with teenagers showing a preference for longer passwords with more symbols and numbers.
However, the children still displayed many of the same bad password habits as their adult counterparts. Most notably, kids admitted that they reuse passwords, and were even more likely to do so as they got older and opened more accounts. High school students also liked to share their passwords with their friends, with the researchers noting that sharing a secret like a password is one of the ways in which adolescents learn to build trust and make friends. As a result, they view a shared password as a privacy concern rather than a security one, and do not consider password sharing to be an inherently risky behavior.
While repeated passwords are a concern, children sign up for far fewer services than their parents, and consequently need to keep track of fewer passwords. As it stands, most kids only have two passwords at school and another two to four at home. Those passwords tended to feature references to sports, video games, movies, animals, and other aspects of their everyday lives, though their first password was usually set up by a parent. In that regard, parents could help set the precedent for good password behavior as their kids get older.
(Originally posted on FindBiometrics)