“Passwords protect my stuff” - a study of children’s password practices

Yee-Yin Choong*, Mary F. Theofanos, Karen Renaud, Suzanne Prior

*Corresponding author for this work

Research output: Contribution to journalArticle

4 Downloads (Pure)

Abstract

Children use technology from a very young age and often have to authenticate. The goal of this study is to explore children’s practices, perceptions, and knowledge regarding passwords. Given the limited work to date and that the world’s cyber posture and culture will be dependent on today’s youth, it is imperative to conduct cyber-security research with children. We conducted surveys of 189 3rd to 8th graders from two Midwest schools in the USA. We found that children have on average two passwords for school and three to four passwords for home. They kept their passwords private and did not share with others. They created passwords with an average length of 7 (3rd to 5th graders) and 10 (6–8th graders). But, only about 13% of the children created very strong passwords. Generating strong passwords requires mature cognitive and linguistic capabilities which children at this developmental stage have not yet mastered. They believed that passwords provide access control, protect their privacy and keep their “stuff” safe. Overall, children had appropriate mental models of passwords and demonstrated good password practices. Cyber-security education should strive to reinforce these positive practices while continuing to provide and promote age-appropriate developmental security skills. Given the study’s sample size and limited generalizability, we are expanding our research to include children from 3rd to 12th graders across multiple US school districts.
Original languageEnglish
Article numbertyz015
Number of pages19
JournalJournal of Cybersecurity
Volume5
Issue number1
Early online date13 Dec 2019
DOIs
Publication statusPublished - 13 Dec 2019

Fingerprint

Access control
Linguistics
Education
Computer Security
school
Privacy
Posture
Research
Sample Size
best practice
privacy
district
Technology
linguistics
education

Cite this

@article{8a66ef5ec46644a3b5c1266eb9bb8ffe,
title = "“Passwords protect my stuff” - a study of children’s password practices",
abstract = "Children use technology from a very young age and often have to authenticate. The goal of this study is to explore children’s practices, perceptions, and knowledge regarding passwords. Given the limited work to date and that the world’s cyber posture and culture will be dependent on today’s youth, it is imperative to conduct cyber-security research with children. We conducted surveys of 189 3rd to 8th graders from two Midwest schools in the USA. We found that children have on average two passwords for school and three to four passwords for home. They kept their passwords private and did not share with others. They created passwords with an average length of 7 (3rd to 5th graders) and 10 (6–8th graders). But, only about 13{\%} of the children created very strong passwords. Generating strong passwords requires mature cognitive and linguistic capabilities which children at this developmental stage have not yet mastered. They believed that passwords provide access control, protect their privacy and keep their “stuff” safe. Overall, children had appropriate mental models of passwords and demonstrated good password practices. Cyber-security education should strive to reinforce these positive practices while continuing to provide and promote age-appropriate developmental security skills. Given the study’s sample size and limited generalizability, we are expanding our research to include children from 3rd to 12th graders across multiple US school districts.",
author = "Yee-Yin Choong and Theofanos, {Mary F.} and Karen Renaud and Suzanne Prior",
year = "2019",
month = "12",
day = "13",
doi = "10.1093/cybsec/tyz015",
language = "English",
volume = "5",
journal = "Journal of Cybersecurity",
issn = "2057-2093",
publisher = "Oxford University Press",
number = "1",

}

“Passwords protect my stuff” - a study of children’s password practices. / Choong, Yee-Yin; Theofanos, Mary F.; Renaud, Karen; Prior, Suzanne.

In: Journal of Cybersecurity, Vol. 5, No. 1, tyz015, 13.12.2019.

Research output: Contribution to journalArticle

TY - JOUR

T1 - “Passwords protect my stuff” - a study of children’s password practices

AU - Choong, Yee-Yin

AU - Theofanos, Mary F.

AU - Renaud, Karen

AU - Prior, Suzanne

PY - 2019/12/13

Y1 - 2019/12/13

N2 - Children use technology from a very young age and often have to authenticate. The goal of this study is to explore children’s practices, perceptions, and knowledge regarding passwords. Given the limited work to date and that the world’s cyber posture and culture will be dependent on today’s youth, it is imperative to conduct cyber-security research with children. We conducted surveys of 189 3rd to 8th graders from two Midwest schools in the USA. We found that children have on average two passwords for school and three to four passwords for home. They kept their passwords private and did not share with others. They created passwords with an average length of 7 (3rd to 5th graders) and 10 (6–8th graders). But, only about 13% of the children created very strong passwords. Generating strong passwords requires mature cognitive and linguistic capabilities which children at this developmental stage have not yet mastered. They believed that passwords provide access control, protect their privacy and keep their “stuff” safe. Overall, children had appropriate mental models of passwords and demonstrated good password practices. Cyber-security education should strive to reinforce these positive practices while continuing to provide and promote age-appropriate developmental security skills. Given the study’s sample size and limited generalizability, we are expanding our research to include children from 3rd to 12th graders across multiple US school districts.

AB - Children use technology from a very young age and often have to authenticate. The goal of this study is to explore children’s practices, perceptions, and knowledge regarding passwords. Given the limited work to date and that the world’s cyber posture and culture will be dependent on today’s youth, it is imperative to conduct cyber-security research with children. We conducted surveys of 189 3rd to 8th graders from two Midwest schools in the USA. We found that children have on average two passwords for school and three to four passwords for home. They kept their passwords private and did not share with others. They created passwords with an average length of 7 (3rd to 5th graders) and 10 (6–8th graders). But, only about 13% of the children created very strong passwords. Generating strong passwords requires mature cognitive and linguistic capabilities which children at this developmental stage have not yet mastered. They believed that passwords provide access control, protect their privacy and keep their “stuff” safe. Overall, children had appropriate mental models of passwords and demonstrated good password practices. Cyber-security education should strive to reinforce these positive practices while continuing to provide and promote age-appropriate developmental security skills. Given the study’s sample size and limited generalizability, we are expanding our research to include children from 3rd to 12th graders across multiple US school districts.

U2 - 10.1093/cybsec/tyz015

DO - 10.1093/cybsec/tyz015

M3 - Article

VL - 5

JO - Journal of Cybersecurity

JF - Journal of Cybersecurity

SN - 2057-2093

IS - 1

M1 - tyz015

ER -