, , Karen Renaud, Suzanne Prior
Children use technology from a very young age, and often have to authenticate. The goal of this study is to explore childrens practices, perceptions, and knowledge regarding passwords. Given the limited work to date and that the worlds cyber posture and culture will be dependent on todays youth, it is imperative to conduct cyber-security research with children. We conducted surveys of 189 3rd to 8th graders from two Midwest schools in the United States (US). We found that children have on average 2 passwords for school and 3 to 4 passwords for home. They kept their passwords private and didnt share with others. They created passwords with an average length of 7 (3rd to 5th graders) and 10 (6th to 8th graders). But, only about 13% of the children created very strong passwords. Generating strong passwords requires mature cognitive and linguistic capabilities which children at this developmental stage have not yet mastered. They believed that passwords provide access control, protect their privacy and keep their stuff safe. Overall, children had appropriate mental models of passwords and demonstrated good password practices. Cyber-security education should strive to reinforce these positive practices while continuing to provide and promote age-appropriate developmental security skills. Given the studys sample size and limited generalizability, we are expanding our research to include children from 3rd to 12th graders across multiple US school districts.
Journal of Cybersecurity
Children, Passwords, Authentication, Perceptions, Password practices