Security group IRISSCERT promotes safe password use among teens

9 May 2012

IRISSCERT, the non-profit computer emergency response team, has launched an awareness campaign to highlight the need for secure passwords among teenagers and young adults.

The hook for the campaign likens treating a password to how people treat their toothbrush: choose it wisely, use it regularly, change it often and never share it with anyone.

Starting Wednesday, 9 May, the week-long initiative will be backed by a publicity effort involving 20,000 free toothbrushes and leaflets being distributed to schools and universities.

The campaign also has a dedicated Facebook page, where there’s more information about creating and using secure passwords. IRISSCERT is also conducting a poll on the page to identify attitudes towards using passwords. Anyone who enters the survey will be automatically entered into a draw for a free netbook.

Prior to the campaign, IRISSCERT ran a survey on password usage among 120 teenagers. Among the findings were that almost two-thirds (62pc) don’t use a password on their smartphones, while one in three (36pc) share their passwords with close friends or relatives.

More than half (56pc) said they never change their passwords and 13pc only did so after discovering their accounts had been hacked or compromised.

Poor password management crops up repeatedly in security surveys. Verizon’s 2012 international Data Breach Investigations Report, released last month, highlighted poor password management as one of the reasons for data loss and information theft within organisations.

Brian Honan, head of IRISSCERT, said the findings were worrying, given the importance of the internet in general and social media, in particular, to young adults.

Possible consequences of no passwords on mobile devices

“Given that many people now use their smartphone to manage their online presence, ranging from email, to social networks to online banking, the large number of respondents who do not put passwords on their mobile devices is worrying as it potentially exposes them to the risk of identity theft and fraud,” said Honan.

“These devices are small and easily lost or stolen with many using integrated apps to access and manage their online presence,” he added.

Among the advice IRISSCERT provides is that good passwords should have at least eight characters, including upper- and lower-case letters, symbols and numbers. It shouldn’t be a word that can be found in a dictionary, nor should it use personal details like date of birth, or where you live.

The group recommends using a different password for every system, website, application or service a person uses, and that this password should be changed frequently depending on its use.

It should be changed often, at least each school term, depending on its use.

According to IRISSCERT, the best way to remember a safe password is to use a mnemonic or ‘magic sentence’ technique. It gives the example from Irish legend: “The children of Lir: Fionnuala, Aodh, Fiachra and Conn” would give the secure password Tcol:FAF&C.

Gordon Smith was a contributor to Silicon Republic