A: It is almost a sure bet your child has been knowingly or unknowingly a victim of cybersecurity or internet privacy breach (if they have internet accounts).
According to a report released today (August 11, 2021) by NIST (National Institute of Standards and Technology), 87% of high schoolers use the same password for everything. 45% of high schoolers share passwords with their friends. According to the research, teens don’t see password sharing as risky behavior, but a way to build friendships and trust.
Apparently, this is not an issue with not knowing cyber best practices. Children as young as third grade know and understand why passwords are needed, and why to use and how to create strong passwords.
So, with almost 90% of children using the same password for everything (my head almost explodes just writing that), and almost half sharing that singular password with friends, is it any wonder you can bet they have been breached?
Unfortunately, if they have freely shared their password(s) with friends, there isn’t a viable way to determine if this password has been used by friends to access their other accounts. But the doors are wide open for friendly fire upon their social media, email, banking, and school accounts to haunt them for years.
This might be a great time to spend five minutes with your child to review password best practices. For those whose own memory may be a bit dusty 😉 …
- Use a different password for every website and service.
- Passwords should be a minimum of 15 characters.
- Password complexity isn’t important. Better to have an easy to enter passphrase.
- Whenever possible, enable two-factor authentication (also called multi-factor authentication). This prevents someone who knows your password from accessing your account.
- Do not share passwords with anyone.
- Do not write passwords. Instead, store passwords in a password manager utility, which encrypts your data. My preference is Bitwarden for all OS’s.
While you are at it, check all family member accounts for breaches by visiting https://haveibeenpwned.com. Although this site won’t tell if you have been a victim of friendly fire, it will tell if your account has been attacked.