The Stack Archive

Is it time for password education to enter the standard curriculum?

Fri 10 Jun 2016

Editorial This week Mark Zuckerberg, founder and CEO of Facebook, was no doubt embarrassed at the revelation that he was not only reusing a password across accounts, but that it was a pretty terrible password by any standards.

Though a young man at 32, Zuckerberg still comes from a generation that was handed its first ‘world wide web’ passwords on an automated system, likely from a college library that adhered to minimal standards: letters, numbers…perhaps one of them in upper-case, and with character length either proscribed or limited – a great boon to the hacker!

Even so, the mandates were minimal, and it’s unlikely that there was any formal education either in college or, more crucially, in the preceding school years, to inform students about what they stood to lose with weak passwords in perpetual re-use.

The UK provides various schemes and resources for schools, such as Tech Future Classroom and Tech Future Careers, which at least contain cyber-security components. These schemes appear to be part of the general amorphous societal notion that it’s good to familiarise with kids coding early, and also as advance recruitment for a government seeking the next generation of security experts – an atavistic nod to the pre-smartphone age, when kids were (of necessity) creators more than consumers.

But the available resources are opt-in, and subject to an institution’s budget, rather than baked into essential early lessons; the province of lunchtime sessions and after-school clubs.

Teaching children something as basic as developing methodologies that generate better passwords should be a little higher up the academic priority-list than explaining what GitHub is. The first thing the eager young future-programmer is going to have to do before launching ‘The Next Facebook’ is to log in to his or her project – hopefully with a strong password that isn’t being stored on the server in clear text; because you can’t mandate against a company’s personal madness.


Editorial education security
Send us a correction about this article Send us a news tip