Ask Slashdot: How To Keep Students' Passwords Secure? 191
First time accepted submitter bigal123 writes My son's school is moving more and more online and is even assigning Chromebooks or iPads to students (depending on the grade). In some cases they may have books, but the books stay home and they have user names and passwords to the various text book sites. They also have user names/passwords to several other school resources. Most all the sites are 3rd party. So each child may have many user names (various formats) and passwords. They emphasized how these elementary kids needed to keep their passwords safe and not share them with other kids. However when asked about the kids remembering all the user names and passwords the school said they are going to have the kids write them down in a notebook. This seemed like a very bad practice for a classroom and to/from home situation. Do others have good password management suggestions or suggestions for a single sign-on process (no/minimal cost) for kids in school accessing school provisioned resources?
OpenID (Score:3)
They log on on one site, and use that login to log in to all other sites.
OpenID (Score:3, Insightful)
THis, or just write them down in a notebook. Who cares about those passwords anyways? They are kids for christsake. Just give the teacher admin password to reset and change everything. They WILL steal eachothers passwords, they will share them, they will make up "funny" passwords if they get to choose. They are kids, let them be kids. Being impulsive, naive, and, well, juvenile, is integral part of being a kid. Also, they already remember all the important passwords, such as their facebook, online games etc
Re:OpenID (Score:5, Insightful)
I tend to agree with this. Don't take away all the risks from these kids, they need to learn about the consequences of insecure passwords sometime. So their home page shows up in all pink, or all their notes have been translated to Ancient Egyptian - better now than when the stakes are higher. And they'll learn the lesson much better from personal experience.
Re: (Score:3)
I tend to agree with this. Don't take away all the risks from these kids, they need to learn about the consequences of insecure passwords sometime. So their home page shows up in all pink, or all their notes have been translated to Ancient Egyptian - better now than when the stakes are higher. And they'll learn the lesson much better from personal experience.
Wholeheartedly agree. I would require my child to use the password(s) regularly and not rely on some tool to store them where they don't know what they are and can't remember them should something keep them from the application containing them. People don't know or forget passwords because they don't actually use them. I see this ALL THE TIME! People store their passwords and then forget them ause their brains aren't being used to store and recall them on a regular basis. I have only a few passwords that I
Re: (Score:2)
What the fuck does seatbelts have to do with drinking & driving?
Re: (Score:3)
That is just harsh, they will be mocked mercilessly when they have an 8 digit slashdot ID because you didn't let them signup for slashdot.
Re: (Score:2)
oops nevermind, guess i need my eyes checked. thought you had said take away their slashdot accounts.
Re: (Score:2)
On the other hand they are kids so now would be a good time to teach them good habits such as password security.
Re: (Score:3)
On the other hand they are kids so now would be a good time to teach them good habits such as password security.
One of the best ways to do that is let them abuse each others accounts. While it's still something relatively harmless that gets trashed.
Re: (Score:3)
DAAAD. Why does my facebook say I like boys?
We've been over that, you didn't use SSL. I intercepted your stream and rewrote it.
Re: (Score:2)
Who cares about those passwords anyways? They are kids for christsake. Just give the teacher admin password to reset and change everything. They WILL steal eachothers passwords, they will share them, they will make up "funny" passwords if they get to choose. They are kids, let them be kids. Being impulsive, naive, and, well, juvenile, is integral part of being a kid. Also, they already remember all the important passwords, such as their facebook, online games etc.
Better question: do we want that to be an opportunity to teach them how to manage passwords/manage their own system so that their bad habit don't stick with them all the way into old age homes?
Re: (Score:2)
Re: (Score:2)
Replying to undo wrong moderation
LastPass, 1Password, KeePass, PassPack + YubiKey! (Score:2)
Yes! Use a password manager. But then also add 'a third password' to it, in the form of a finger print scan via a USB Yubi-Key for two-factor identification. Similarly you can also 'authorize' your specific mobile devices, (which can't accept a YubiKey). It's a hassle, but it is also an investment in security; which is how these things always work.
http://help.passpack.com/knowl... [passpack.com]
Keep It Simple (Score:4, Insightful)
For children age 6 and up, and also for adults, the most important thing is to Keep It Simple.
Writing down passwords is actually a good thing for adults, as long as the passwords are written down in a secure place. A note in your wallet qualifies, as you know how to keep your wallet secure (right?). This is even more secure than a password safe on your smartphone: inputting a strong password is a pain (and easily observed), and witht it your sm artphone becomes a prime target for theft (if it isn't already).
For children of 6 years old and older (I'm assuming a US centric view here, triggered by the word 'elementary'), the situation is not that much different. The only problem is that children at this age usually do not have a wallet.
This is then the only problem to solve: creating a secure place to write down passwords.
Re: (Score:2)
A note in your wallet qualifies, as you know how to keep your wallet secure (right?)
I've been doing this for years for all sorts of passwords. But I take it one step further just write it on things already in your wallet. I write my pin on my bank card and the bank card is in my wallet and I keep my wallet in my back pocket so it's always with me. Now no one can get at my money or password.
Re: (Score:2)
Re: (Score:2)
Ok, but how important is it to keep passwords secure to a textbook website or an iPad? Maybe if someone steels Johnny's textbook password then the teacher can just go in a reset it?
Let's keep things in perspective here, these are not banking passwords or social security numbers. These passwords are only used to identify individuals for the purpose of individualizing the presentation of information. Nothing of value, especially to an identity thief (and especially to a fellow 6-year-old student) can be lost.
Why not write them down? (Score:4, Informative)
However when asked about the kids remembering all the user names and passwords the school said they are going to have the kids write them down in a notebook. This seemed like a very bad practice for a classroom and to/from home situation.
Bruce Schneier says:
"Microsoft's Jesper Johansson urged people to write down their passwords.
This is good advice, and I've been saying it for years.
Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet."
https://www.schneier.com/blog/... [schneier.com]
Re: (Score:2)
Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down.
Bull spit. The problem is that people are using dictionary words in their passwords to begin with, and there are surely viable alternatives which are absolutely able to provide memorable strong passwords without dictionary words (company names, acronyms, usernames, etc..).
As with many other perceived problems, a lack of education and complacency are the real culprits here. Instead of blaming users for bad passwords, put the blame on executives that refuse to educate people, and further refuse to enforce p
Re:99% of the attacks are script kiddie dictionary (Score:2)
Re: (Score:2)
I agree, but as with above this is a problem with eduction. If you teach people to use different passwords, and provide them a method of generating different (yet similar) passwords the problems are greatly reduced.
When was the last time you heard your security team remind people not to re-use passwords? This is of course in addition to training people on strong memorable passwords. If you can't remember, something is wrong.
As much as security experts enjoy hacking and finding vulnerabilities, their job
Write down part of it, or derivative (Score:2)
> I have too many important passwords that could ruin my life. ... If I kept the passwords for my bank/retirement fund/etc.'s web site in my wallet they could put my in the poor house. I haven't figured out what to do about this yet.
First, don't use the same password for Slashdot and Facebook that you use for your retirement account. Using the same password, or a similar password for two important accounts is fine. So let's say your PIN you use for important stuff is "5918", and the base password for i
Dashlane (Score:2)
Excellent password manager. Syncs an AES-encrypted file to all your devices. It also has plug-ins for most web browsers (Firefox, Chrome, Safari) that allow you to login automatically on a web site. I personnally don't use the plugins, but it's really good on both Android and Mac OS X.
RFID chips (Score:4, Funny)
How To Keep Student's Passwords Secure?
How about we do away with passwords and have the kids get mandatory, government issued, RFID chips imbedded under their skin. Problem solved!
Re: (Score:2)
That wouldn't work. It would interfere with th***CARRIER LOST***
Re: (Score:2)
Writing them down is fine (Score:3)
Just make sure they understand to keep the notebook safe. Ideally, they would write them down in a diary or the like, that contains other private information, bit at least here only girls usually have these.
Re: (Score:2)
Ignore stupid suggestions (Score:2)
Tell them to put them in a notebook. Accept that they will get shared. If that bothers the school admins, too bad.
I have a feeling that this school is wasting a bunch of money on stuff "third party" salesmen have sold them, but that is another issue.
Re: (Score:3)
Oh, and probably most important - parents should make sure they have a copy of the ID's passwords needed to access "third party" resources, to avoid the inevitable loss of notebooks.
The IT side, not the students (Score:3)
I think the question is completely wrong, it's not how they should remember their passwords. It's why do they have several usernames and passwords in the first place?
First the resources that are school controlled should of course be behind one username/password pair, preferably SSO for the web parts (e.g. a CAS variant is quite simple).
For external resources, is there a real reason they really need to log in? E.g. can IP based access control or something work for some cases. I understand you don't control everything, but as users(/customers) one can at least complain, and try to push it in the right direction. If there is a reson to log in, do they support something like Shibboleth/SAML or OpenID for login federation? If so, that should be used. It's not trivial, but making the lives of the students hard for something stupid like that is even worse
I think that for an elementary school student, if the amount of username/password pairs they need is over 1, there's something wrong somewhere.
Physical notebooks are perfect for this age (Score:2)
Notebooks are non-installable (no e-viruses), portable, inexpensive, and do not require access to a third party online service (school access whitelists work).
They are as secure as they need to be - students are to use their own notebooks and note share them, and as long as a notebook is closed it is secure from prying eyes. These aren't nuclear codes, they're access to textbook sites used by grade school kids. If you're so concerned, have your child get a small, pocket sized notebook and write them down th
As in the movies (Score:2)
Have you seen Memento?
Re: (Score:2)
Yes, but I don't want to visit a tattoo parlor every 90 days (when I have to change my work password), and my forearm is only so big.
Lastpass.com (Score:2)
It works. Creates secure passwords. Stores them.
Easy.
Déjà vu? (Score:2)
They emphasized how these elementary kids needed to keep their passwords safe and not share them with other kids.
Yeah, it's still a crime, but at least the Software Protection Authority and Central Listening won't find out about it that way, right?
In the name of the dog. (Score:2)
Use a twisted rhyme (Score:2)
Re: (Score:2)
Fish heads, fish heads, roly poly fish heads. Fish heads, fish heads, eat them up. Yum!
https://www.youtube.com/watch?... [youtube.com]
REFRAIN
Fish heads fish heads roly poly fish heads
Fish heads fish heads eat them up yum
REPEAT REFAIN
In the morning laughing happy fish heads
In the evening floating in the soup
REFRAIN
Ask a fish head anything you want to
They won't answer they can't talk
REFRAIN
I took a fish head out to see a movie
Didn't have to pay to get it in
REFRAIN
They can't play baseball they don't wear sweaters
They're not
One word (Score:2)
He could have a folded one in his wallet or whatever. If he loses his notebook, it's just a random set of letters.
this is a learning experience (Score:2)
Don't expect them to get it perfect the first time. And depending on their age, don't start them off with what you'd consider the best final approach. You're in a school, treat it like any other learning experience.
Just using passwords may be a new experience for some of them. Start with the basics. I wouldn't focus too much to start with on "strong passwords", they can work on that later. For now, work on selecting a password they can remember, NOT sharing their password, and changing their password a
Comment removed (Score:5, Insightful)
Re:What are you afraid of? (Score:5, Insightful)
I think you are totally right here. The phrasing of this question as being about 'security' is actually totally off base. From the student's perspective, there is no advantage to security. Only the textbook publishers actually benefit from security - they don't want people who haven't paid for the textbooks to read them.
For the student, what he or she actually cares about is being able to easily access he or her school stuff. The worst case scenario is not someone stealing his or her password, it's not being able to recall his or her password and thus being unable to participate in class. Lastpass etc is overthinking it. Just set the password to something simple and easy to remember, and write it down just in case they forget.
Re: (Score:2)
You took my response!
When it comes to security, I always try to drive the idea home that security is always a balance between "creating easy access for authorized users" and "making unauthorized access difficult", and where you strike that balance should always depend on the context of how easy authorized access needs to be vs. how hard unauthorized access needs to be.
So in this case, your child probably doesn't need very good security. There are no state secrets, no business documents to be hidden from
Re: (Score:2)
Laminated card (Score:2)
SmartCards (Score:2)
Re: (Score:2)
The cards aren't the core cost, it's the infrastructure and hardware to support them. How does the smartcard work with tablets? How does it work with Chromebooks? And so on.
Here's a simple trick I taught my kids (Score:2)
Re: (Score:2)
In a world where dictionary attacks weren't as common as they are, you'd be right.
That one particular xkcd always bothered me. Algorithmically, "correcthorsebatterystaple" is as secure as any other 4-token password like "hanx".
Note that "hand" would be a 1-token password and only marginally more secure than only "h" (due to a larger dictionary size, but since its order 1, we're talking about a constant factor).
So typing out the sentence only makes a difference in security if it can't be effectively tokenise
Whatever happens... (Score:2)
Re: (Score:3)
Re: (Score:2)
I'm the technology manager at a school but beholden to a larger "Management" company for a lot of my processes. In our case, we can't afford to issue laptops or tablets or Chromebooks to students, however it is absolutely true that we have access to everything everybody does on school computers. This includes students and to some portion, teachers. We tell everybody straight out with big, bold text that we have access, but people do stuff anyway.
Tuesday, a new employee got onto his computer for the first ti
Notebook + Teacher = success (Score:2)
Master password (Score:2)
Master password system of some kind is about the only reasonable solution. KeyPass etc.
Push for more publically available resources (Score:3)
https://www.gnu.org/philosophy... [gnu.org]
Welcome to Security Chess... (Score:2)
What assets are you protecting? What is the risk?
1 ) If the account is compromised can you get access to it again via alternate means?
Be the parent. Have all of the accounts go to an email box you control, or have all of the accounts go to an email box that you know you can get access to beyond the password. In case of breach make sure you have a path to regain access and control.
2) What are the accounts for? Minimize the risk.
Don't allow the kids accounts to be an attack vector for *Y
keep the passwords locked up but easy to get to (Score:2)
Use Dropbox (or any cloud service that sync local files) and Keepass 2 (open source) to keep them in an encrypted file that is shared among anyone. You can also do group file sharing in dropbox, though I don't do that with my passwords file.
The keepass file is encrypted.
I've done this for several years. It's awesome. It allows you to change your password for the same site without depending on some algorithm to lock you into only one possible password for that site.
You can add and edit the file and it sync
Single splittable password (Score:2)
Start with a core that involves a Capital letter, a lowercase letter, a number and a symbol. You want it be about 7 letters long, something like this:
Sp1tab$
ALL your passwords will start with that. Next decide if you are going to use the first, second, last, or second to last letter.. Let's go with "first"
Add the "first" letter of the name of the device/software for which you are using a password. Then add the "first" l
DOn't forget its about (Score:2)
what ou are securing as much as it's about the secrity.
I it just access to text books? then who cares. Are we worried one to many of the kids might learn?
Writing them down is fine for what we re trying to protect.
That said, it's a good time to teach them how to make easy to remember hard to crack passwords.
"Mary_Had_A_Little_Lamb_2004"
As an example.
If not a password manager, then a password card (Score:2)
Writing down passwords isn't an automatic fail—it just means you need good physical security on whatever you write them down in. A notebook is bad advice, but writing them down on a wallet card or similar wouldn't be too bad.
Something like LastPass is probably your best bet, since it works everywhere (including Chromebook); though it isn't free if you want to use the mobile app, it is pretty inexpensive. Of course, if LastPass has an outage, you're gonna have a bad time.
As a security professional, I
Re: (Score:2)
passpack.com accounts can share passwords between user-accounts. This solves the 'what if Bob gets hit by a bus' problem, (because only Bob knew the passwords to the servers). It seems other services should be able to provide this also.
Re: (Score:3)
Set up a proxy system to access them. Use your dedicated password to access the proxy, then the device password can be in the open because it's behind a proxy.
Not idiot-proof, and if you can cross-access the devices it leaves holes in the solution unless you can segment the network they reside on.
LastPass, 1Password, KeePass....all impossible (Score:2, Insightful)
It's school; all the computers are locked down and limited in access only to approved sites (whitelist). No outside software may be installed, and all USB ports are frozen. No personal electronics are allowed to be brought in by kids.
Remind me again how LastPass, 1Password, and KeePass work in these environments?
Re: (Score:2)
The big perk of single-sign-on (aside from keeping users from spewing crap passwords) is how nicely it centralizes the credential management. Create a new account? Do it in one place. Lock an account? One place. Change a password, one place. The fact that the user sees very few login screens aside from the initial one is a nice bonus; but not really the major perk for IT.
The assorted password managers in common use are Not aimed at 'faking' single-sign-on. T
Re: (Score:2)
Re: (Score:2)
You don't deal with school systems much, I see. In most places this isn't a simple request. And have you ever used Lastpass on an original iOS device (original iPads cannot update past iOS 5.1.1)? Convenient isn't the word I would use.
Besides, what happens if the 7 year old forgets his or her master password? If he has it in his notebook, the teacher can help him. If not, she will spend the next hour setting up and approving all of his logins on all of the sites they use. And 7 year olds forget things like
Re: (Score:2)
I second that. I have LastPass on my mobile, on various WebBrowsers at home and work. Although the free version could be suficient for your child. I paid for the premium version which gives me the mobile option, and it's cheap, at only around $12/year (last time I looked). So for all websites I have different passwords which all have high entropy (think 16 characters, uppercase, lower case, numbers and special characters).
I only need to remember a few passwords which I don't store in LassPass, e.g. ban
Re: (Score:2)
Why not go all the way and change it to 00000000? Was good enough for the US nukes....
Re:LastPass and a sentence-key-phrase (Score:2)
tsÃMÃ--Ã09kÃÃyW>Ã17gËoeÂâsÃzxéYÃwMã8w
Of course we are on slashdot, almost none of the high-ansi characters will display.
Re:password manager (Score:5, Interesting)
Re:password manager (Score:5, Interesting)
Thank you, I've been posting this to every password-related Slashdot article for years and never managed to get modded up. My scheme is a slight variation, where the "357a" part is derived from the name of the web site or application you are logging into. Maybe you use the vowels in the web site name and their count: so the password for homework.com might produce "boxcaroeoo4." With this approach, instead of writing down "357a" or "oeoo" you write down "vowels + count" or "standard derivation" or something like that. The benefit is that if you use the same algorithm most of the time you don't have to write anything down.
Re: (Score:3)
I've been using this scheme (base word + something connected to what the service does, usually in leetspeak) for about 15 years now to help me remember passwords for obscure/rarely used accounts.
The most important insight is: use it ONLY for unimportant/throwaway stuff and PLEASE stop recommending it as a general method to people.
I have more than three dozen accounts and passwords. At some point one of those WILL be breached, probably without you ever being aware of it, and without any blame on your side. I
Re: (Score:2)
anybody who takes more than 5 seconds to look at your password, or even a malicious system maintainer who grabs passwords at login, will be in a position where your passwords are just 3-4 token variations... once a human mind sets you as a target, your online world is SOL.
This objection only applies to the really simplistic example I give, and only if they see 2 or more passwords. "His passwords are boxcar73 and boxcar98? Duh..." In reality, you can do something only slightly more mentally complex than tacking the service name onto the end that yields an essentially random string. Think ROT13, but not using a constant 13. :-) Since my employer requires me to rotate passwords every 90 days, I feel safe writing "dellbattery" on a post-it on my monitor knowing that nobody
Re: (Score:2)
Why need to make it that complicate?
- Use your password as a salt and the website then cut it down to how many characters you use. Most websites allow for 8.
- md5("hunter2" + "slashdot.org")
- sha265(md5("hunter2" + "slashdot.org"))
For websites that insist on upper and lowercase or special characters I wrote my own "rot72" that will rotate the numbers and lowercase letters through specials and uppercase.
It's trivial to implement in about any language:
echo -n hunter2slashdot.org | md5sum | sha1sum
f096
Re: (Score:2)
Hmm, I strongly dislike the idea of sitting in a public place and typing my "salt password" visibly into a prompt (especially if it litters the bash history), and then also getting the resulting login password in clear text.
I guess you're not proposing to remember those pseudorandom login passwords, because that's a pain for dozens of accounts (and you could then simply use any input or even sites like http://www.passwordgenerator.e... [passwordgenerator.eu])
Re: (Score:3)
You don't have to do it that way. It was a case and point on how you can easily remember a password but not your password
I made a javascript that does it locally (no sending my passwords cleartext over the internet).
If SSH to my home computer is compromised a password to Slashdot is the least I have to worry about. SSH is also protected with Google Authenticator so I have to have my phone with me to log in with 2-factor.
I use LastPass to remember my passwords but in a pinch, (not on a machine with LastPass,
Re: (Score:2)
I made a javascript that does it locally (no sending my passwords cleartext over the internet).
It's usually not your choice whether or not to send the password in clear text over the internet, but I strongly recommend simply not using services that don't offer encryption.
But that has nothing to do with my previous comment... again: I don't want my password to be visible on screen (neither the "salt" one, nor the resulting hashed password). And if it gets saved anywhere on disk in clear text (like it does with your bash one-liner), even worse! You shouldn't present such a bad example as a viable metho
Re: (Score:2)
It's usually not your choice whether or not to send the password in clear text over the internet, but I strongly recommend simply not using services that don't offer encryption.
Um. Yeah. It kind of is. If I made a *local* html script and run it on my local machine. I'm fairly certain it's not sending passwords out cleartext over the internet. You can make it so that it just copies a result to the clipboard, etc.
I'm not sure why it's such a terrible example. If you're in a situation where you're scared about screen readers there's really no safe way to enter your password anyway because you might as well assume the NSA is logging everything on that machine.
Its a standalone everythi
Re: (Score:2)
Hmm, I strongly dislike the idea of sitting in a public place and typing my "salt password" visibly into a prompt (especially if it litters the bash history), and then also getting the resulting login password in clear text.
No sure if the parent does the following, but your extra requirements are easy to get around.
* not in bash history? just put a space before the command (if you didn't know that already, you're welcome... it's so much easier than "rm .bash_history && ln -s /dev/null .bash_history" :-)
* result in the clear? Just use your clipboard: echo -n hunter2slashdot.org | md5sum | sha1sum | cut -c1-16 | xclip ... then just [SHIFT]+[INSERT] to paste it into the password field. You can also change the xclip select
Re: (Score:2)
A checksum that you can do in your head would be better than something you must use an external tool on. You don't want to expose "hunter2" in your example by typing it in there.
Re: (Score:3)
If the new password must vary by at least five characters, they must be keeping a copy of the password, so you know they have crap security anyway. Use a base and append the month name or something (except that they're likely to have a character limit). Don't sweat the security too badly, because it's more likely to leak on their end. (Don't neglect it completely, though, because this is doubtless your bank password. The worst password restrictions I've seen were for banks and other financial instituti
Re: (Score:2)
What system forces you to change your password by at least 5 characters?
If the system stores in password as a hash, like all good systems do, how would they know that you changed your password by at least 5 characters?
Re: (Score:2)
Re: (Score:2)
See Spot.
See Spot3 run.
Run, Spot$# run!
Like this?
Re: (Score:2)
Simpler for kids is use a pattern, and base the first key off a letter in the website.
So password for Slashdot might be sdsasd (right, left, right). For Google+, ghgfgh. For pornhub, p[pop[
These are just examples, nowadays many require a number/shifted number be part of it, so I'd include that before or after the pattern. That way it's easy, the same pattern everywhere, just a different start point, unique, relatively secure, doesn't teach the bad idea of writing a password down, and is much faster to en
Re: (Score:2)
Re: (Score:2)
Crackers already know about substituting 0 for o and @ for a and the common trailing exclamation point. I don't think that's secure at all, since what you've got is trivial modifications on a four-word phrase in common use. Come up with some of your own substitutions and memorize them. For example, if you switch "a" and "i" and "e" with "o", you've got a variation that isn't likely in the cracker's software (RewRewYeurBeit).
Re: (Score:2)
For additional security, the non-base part can be writen down in a non-obvious way, for example a spiral. If my password was aBcDe123$, I would write down:
aBc
3$D
21e
Or a zig-zag with a bunch of unused symbols:
aoooeooo$
oBoDo1o3o
oocooo2oo
Re: (Score:2)
All nice systems, but my password manager popped up these choices instantly:
howl#6crusher
vetch*402tweed
Aswan56]japans
shared-69.cocoA
scarfs488/fats
tank59)Madelyn
All solid enough passwords, (entropy ~80 as measured by Keychain, but you can move the slider if you want longer/stronger ones), and memorable if you need to memorize one. And whichever one you choose, it's saved forever, along with the rest of your login info in the password manager. There is a free password manager included with Mac OS since at lea
Re: (Score:2)
If they are using iPads with the latest version of iOS 8, they can just save the passwords using the keychain in safari with autofill (only works if a site is HTTPS, however)
Re: (Score:2)
If they are using iPads with the latest version of iOS 8, they can just save the passwords using the keychain in safari with autofill (only works if a site is HTTPS, however)
So long as it can be backed up, that is fine. But you need to have a backup for safety in case something happens to that particular iPad or Chromebook, which will in part depend on the web browser being used - whether it uses its own set or the system's, and if it is its own if that gets included in the backups.
But yes, I would highly recommend using a password manager and teaching the kid how to use it properly, possibly even having them setup a master password for it, that only you (and those you autho
Re: (Score:2)
Because otherwise it would leak passwords to insecure sites, in plain text.
Re:password manager (Score:4, Informative)
Just don't forget that - whatever Steve Gibson [grc.com] has to say on the matter - it does rely on the competence and integrity of the LastPass crew.
If LastPass rework their website so that your password is sent to them (rather than the encrypted hash generated by JavaScript), they can do decryption locally on their side (rather than in JavaScript in your browser), then they can read your passwords.
If they get man-in-the-middled somehow - by a malicious employee, say - your passwords are no longer yours.
They could engineer their site to be subpoena-friendly. (Whether they have, I don't know.)
Also, if someone hits you on the head after you've signed in to LastPass, they have all your passwords.
Re: (Score:2)
Also, if someone hits you on the head after you've signed in to LastPass, they have all your passwords.
I see this as a positive thing if you don't wish to get hit on the head multiple times.
Re: (Score:2)
Using a password manager of any sort allows you
Re:Password Manager (Score:2)
Why is this post modded down? A password manager is an excellent solution, and teaching people to use them while they're young would save them (and me) problems for the rest of their life. Aside from storing passwords, a good password manager can be used to generate solid, unique, (and memorable, for those few you need to memorize), passwords for each site. I don't know about you, but I'm sick of having to jump through extra hoops in order to accommodate the lazy and ignorant. Please teach these kids to use
Re: (Score:2)
The OP meant grade as in second or third, not as in B or C.
Re: (Score:2)
Do you mean that the habit of doing it right gets passed on from the parents to the children? Or from the children to the parents?