• Using strong passwords is a key way to protect online accounts. Most sites and services will request that any password used should be at least 8 characters long. Some services will also request that passwords contain at least one uppercase letter, number or special character (characters such as ‘?’, ‘%’ and ‘@’). The longer a password, the stronger it is.
  • However, the strongest passwords are actually passphrases – a password made up of three or four random words. For example, ‘purplecakedinosaurmoon’ is a very tricky password for others to guess but can be more easily remembered by a user by visualising a picture that contains all these words – such as a dinosaur on the moon eating a purple cake. This makes the password both long and memorable.
  • While children understand the importance of not revealing their passwords to strangers, they may be more inclined to share their passwords with people they trust such as their friends. There are many reasons why they may do this –  it may be to allow a friend to use their account in an online game to help them progress further or to exchange items. For some social networks that reward or track contact over a number of consecutive days (often known as ‘streaks), a child might share their account password with a friend in order to maintain that contact in situations where a child might not be able to – such as if they were going away on holiday and wouldn’t have internet access. For some children, sharing their password with a friend is a sign of true trust.
  • Two factor authentication (2FA), also known as ‘two step authentication/verification’ is an effective way of keeping an account secure. When enabled on an online account, it requires a user to input their password and then a unique code in order to gain access. This code is sent to a user by SMS or email, or generated through a special authenticator app that the user may have installed.
  • A 2FA code will usually be sent to a user when they log into an online account for the first time from a new device or a new geographical location. This feature is also very useful because it can inform a user when someone else might be trying to access their account. Without the code, another person cannot gain access, but it would alert the user that someone else knows their password.
Advice:
  • Encourage your child to use a different password for each online account they use. This ensures that if one account is breached, that password can’t be used to access their accounts on other online services.
  • Keeping track of many unique strong passwords for all the accounts in your family can be very daunting, especially for younger children. You can use a password manager product to help store usernames and passwords. Free and paid options are available, and some devices have inbuilt password management features. Be sure to protect access to the password manager with a very strong password!
  • Remind your child that their account passwords belong to them and they are responsible for them. They shouldn’t share these with other people, even best friends that they trust. However, you as parent/carer might be permitted to know their passwords in order to help store them securely to show them in the event that they forget their login details.
  • Enable two factor authentication on all family member’s accounts in order to prevent unauthorised access. For younger children, you may need to set up your mobile phone number or email address as the method for receiving their authentication code.
  • If you or your child ever receive an authentication code that you haven’t requested (e.g. you haven’t just attempted to log in to that account) then it could mean that someone else knows the password and is attempting to access that account. You should log into that account as soon as possible and change the password. If that password has also been used on other accounts, you should change those too.