A 2nd-graders advice on choosing secure passwords

As we were driving home from visiting Grandma & Grandpa this evening, Meghan told me that she needed to change her password on the family iMac. Her password (which she chose when she was in Kindergarten) was nahgemnahgem—her first name spelled backwards, twice.

Since OS X doesn't have any listening network services enabeld by default, we've let the kids pick their own passwords. Meghan's first password wasn't too bad when the likely threats were only four and two years-old.

Along the way, though, her password has been compromised by her younger brothers—which is fair, since Meghan social-engineered them both out of their passwords just by (innocently) asking them the very first day they got their "logins."

Since it was just the two of us in the car, I asked her what kind of new password she would choose, and what she'd do to keep it secret. Her criteria amused me in a proud parental sort of way:

  1. "Make it kind of long"
  2. "Use words that first-graders wouldn't be able to read [or spell] yet"
  3. "Don't write it down on a paper and don't tell anybody!"

Meghan practices what she preaches. She combined two words that (she thinks) her brothers wouldn't be able to spell—which words, exactly, I'm not sure since she didn't say...


—Michael A. Cleverly

Permanent URL for this post: http://blog.cleverly.com/permalinks/75.html