Child-Suitable Alternatives To Passwords?

An anonymous reader writes "Two months ago I donated my old PC to my little sister, who is 7 — I had promised she would get her own computer as soon as she can read and write properly. I then proceeded to answer her questions about how it works, as far as she inquired, and tried to let her make some choices when installing Debian (she can already use GNOME). As I explained password protection and encryption to her, I was pleasantly surprised when she insisted on protection measures being as strong as possible, so that no one else can screw with her computer. She knows that my younger brother has to endure strict parental control software that was installed on his machine without his consent. The significant problem is that she cannot permanently memorize abstract passwords, even if they are her own creation. I talked with a teacher who assured me that this is common at her age. My parents would probably be able to guess non-abstract passwords. What mechanism of identifying herself does the Slashdot crowd suggest?"

passphrase

[moderatorrater]

Teach her to use passphrases, something like 'My favorite food is steak'. This is something that's easy for her to remember and also hard to break just from the sheer size of the password. When she's old enough, she'll figure out how to make hard passwords on her own; just give her a few suggestions about capitalization, numbers and symbols.

Private key on a USB stick

[jjon]

That way she has a token that she can easily carry with her (or hide in her room) that will identify her. Bonus points for using a USB key that is brightly coloured or is otherwise aesthetically child-friendly.

Alternatively, consider fingerprints - this may actually have quite poor security, but in this case it's probably good enough. And the privacy issues don't apply in this case (she _wants_ the security and her fingerprint will only be stored on her own PC). The other known problem is that some people don't have usable prints, but this is something you can check.

nice one, some suggestions

[emj]

PAM USB auth [novell.com].. Then you can take the smallest USB flashdrive [engadget.com] you can find. Then build it into something fluffy and big.

Re:Fingerprint?

[Panaflex]

For all those people who haven't worked in biometric security - let it be known now and forever: Reading children's fingerprints is usually fraught with failure. Children often have very, very soft skin that often doesn't read on scanners(flattens against the glass). Also - their lines are typically much closer together which often confuses reader software, or goes beyond the dpi of the scanner.

Fingerprint + Children = bad combo.

(A public service announcement)

Re:same reason you should

[crmarvin42]

Casual discovery by accident with out further access is completely different from the volumes and types of smut available online. I've got no problem with the girl having an account and a password, but the idea of my daughter having access to the internet without me being able to monitor what she does scares the crap out of me. I didn't tell my parents anything but when they got concerned they were able to toss my room and find anything they didn't think I was mature enough for. It's much harder to toss a computer account that you don't have the password for. It's akin to giving you 7 year old a solid door and deadbolt system to their room without keeping a copy of the key for your self. It's just plain stupid.

Re:Fingerprint Reader?

[snowraver1]

Wow... Are we talking about the DoD here or a 7 year old girl's computer... IMO a seven year old does not require digital privacy in thier home.

That being said just use a sticky note hidden somewhere or something. Or use a non-abstract password, like her favourite food, or least favourite food. How long would it take you to guess "fudgeicle"?

And, it's already been mentioned that the parents persumabally have physical access to the computer, and if they have the know-how and confidence to install some sort of parental control into a linux distro, then the password is not going to be a problem for them to bypass.

Kids do what adults do--they write them down.

[HikingStick]

I was shocked a number of years ago when I was moving some furniture so the floors could get cleaned behind the beds. There, under my (then) five year old's mattress, was a complete list of all of my (and my wife's) passwords. He had everything (from multiple machines): power-on passwords, logon passwords, email account passwords, merchant passwords--even our online banking passwords!

[No, they were not all the same. Some of them were quite complex, too, like 'ni*45FPN!ng'. I got to play "change-the-password" for a few hours that evening.]

I asked him how he got them: he shoulder-surfed us for every one of them. The reason he had them? He wanted to sneak down to the computer at 3 in the morning and play Spooky Castle.

That scared the snot out of me. Now, I know he may not be the typical kid, but it just goes to show that you really can't be too careful with your passwords.

As to the boy, I started encouraging him to use his powers for good. I teach network administration at an area college, so I started bringing him with when I had to configure the lab. He caught on quick, and was a huge help. He's just over 11 now, and while he's still one of the most tech savvy kids in the house, he has little interest in PCs (that might be a good thing). He'd rather spend time outdoors (even when it's thirty below zero) or with his pet cockatiel.

Re:Fingerprint Reader?

[KillerBob]

A fingerprint reader wouldn't work. Fingerprint reader software (such as the wonderfully open source ThinkFinger) map out a fingerprint by locating easily identifiable marks, such as swirls or dead-ends, and map their proximity to other easily identifiable marks. As this girl is seven its fair to assume that in a few more years her fingers will be twice their current size.

The fingerprint will be the same, but scaled up so all proximity will be lost.

The fingerprint readers we use in our computers at work read by proportional distance, not physical distance. If you define the distance between two key points at opposite ends of the finger as a distance of 100% and an angle of 0 degrees, the rest of the points are defined using those terms. So Point C may be at 23 degrees left, 15% distance, point D may be 16 degrees right, 4% distance, etc.

In that case, the fact that the finger grows larger over time makes no distance, because the points it's measuring are still in the same position, proportionally, just with a different scalar multiplier.

Re:Pictures

[KublaiKhan]

Legally, it is a dictatorship--the parents are responsible for the actions of the children, after all, and (within certain basic restrictions) whatever they choose to do is allowed.

Privacy is not a guaranteed right for children.

Re:Pictures

[AtomicSnarl]

As opposed to:

I watched my daughter enter the password -- she typed "minniemickydonaldpluto."

I said, "Wow, darling, that's a really big password!"

She replied, "Well, they said it had to be at least four characters..."

Re:Pictures

[Rei]

If you have access *and you know what you're doing*. I get the impression that the parents don't. As for whether the submitter should be doing it, if the parents are the type who install cybernanny software on their kids computers, I say go for it.

Anyways, as for passwords: what about acronym passwords? I love them because they're so easy to memorize, yet end up quite random. Have your sister think of a phrase -- for example, "Mom and Dad, leave me alone!" -- and then make an acronym out of it, like "MaD,lma!"

Re:Pictures

[sricetx]

"I did not understand that point of view at 7, and I do not agree with it a 40-something."

What you are not understanding, and should as a 40-something, is that parents are legally responsible for their children (speaking about the USA here). To not know what your child is doing online could get you as a parent sued or in serious trouble with the law. Parents need to know what their children are doing, for both the kid's sake and their own.