Passwords are necessary to access personal accounts on a computer network. They serve as “authentication” devices and uniquely identify someone as being who they claim to be. Of course, correct authentication prevents others from accessing or altering your personal data. In our current Information Age, passwords are a part of everyday life. However, some users inadvertently make themselves vulnerable to cyberbullying by exposing or carelessly distributing their password. Many youth simply don’t see the risk in telling others their password. In our school assemblies to students, we ask how many of them know their best friend’s computer password, and (perhaps not surprisingly) a majority of the hands are raised. To be honest, this is very alarming to us. Even if youth are responsible enough not to distribute their passwords deliberately, they might inadvertently expose them to others. Many users leave their passwords on a sticky note next to their computers (in case they forget it!). Someone who visits may see it and remember it for later use.
Why is it important to keep passwords secret? An example will help to illustrate the potential problems. A teenage boy might select a Facebook password that is very difficult to guess, but because it is so difficult, might write it down on a small slip of paper taped underneath his keyboard. When his best friend comes over for a visit, the keyboard might accidentally be dropped—revealing the taped paper and, consequently, the password. If that friendship goes sour, the password could be used by the (ex-) best friend to access the account and then upload humiliating content for everyone to read or see.
Even if adolescents are extremely careful in never writing down their passwords or disclosing them to others, a password might still be discovered through other means. For example, some Internet content providers have “password hint questions,” which allow users to retrieve forgotten passwords to online accounts by responding correctly to the questions presented. If the response is successful, an e-mail is sent to the address associated with the account. Within this e-mail, the current password or a new password is given. One of these password hint questions might be “What is my pet’s name?” If someone knows your pet’s name and you’ve used it as a password hint, an e-mail with password information would be sent to the relevant e-mail account. If a person knows how to access that e-mail account, access to other Internet accounts may be possible. Through this procedure, a person can change the passwords of all of your other online accounts simply by having access to your e-mail and knowing a few facts about you.
Finally, some people use the same password for multiple purposes—school and personal e-mail, Facebook, instant message and chat programs, eBay, PayPal, and many other accounts online. As such, finding out the password to one account can lead to simple access to other accounts. While we are considering cyberbullying in this text, there are obvious risks associated with identity theft when someone commandeers another person’s password. Below is a list of some of our recommendations that everyone —children and adults alike— should follow when creating passwords for Web- and software-based accounts.
Recommendations for Creating a Unique Password
• Use passwords with at least seven characters
• Make a mixture of UPPER and lower case letters, numbers, and non-alphabetic characters
• Use first letters of an uncommon sentence, song, poem, quote, etc.
• Use word fragments not found in the dictionary (mihtaupyn)
• Use short words separated by characters (dog%door; candy$trip)
• Transliteration: like “vanity license plates” (e.g., “Elite One” becomes “E1te0nE”)
• Lines from a childhood verse or popular song (“Baby you’re a firework, Come on let your colors burst” becomes ByafColycb)
• Phrases from movies (“May the Force be with you” becomes MtFbwu)
• Expressions inspired by the name of a city (“Big lights will inspire you, let’s hear it for New York” becomes BLwiylhifNY)
• Interweave characters in two words: (“Play Date” becomes PateDlay)
Are there any other safe password practices that you follow and recommend to others that have worked particularly well? Please let us know.