Schneier on Security
A blog covering security and security technology.
« Evidence on the Effectiveness of Terrorism |
| The Nature of Cyberwar »
January 27, 2012
Password Sharing Among American Teenagers
Interesting article from the New York Times on password sharing as a show of affection.
"It's a sign of trust," Tiffany Carandang, a high school senior in San Francisco, said of the decision she and her boyfriend made several months ago to share passwords for e-mail and Facebook. "I have nothing to hide from him, and he has nothing to hide from me."
"That is so cute," said Cherry Ng, 16, listening in to her friend's comments to a reporter outside school. "They really trust each other."
We do, said Ms. Carandang, 17. "I know he'd never do anything to hurt my reputation," she added.
It doesn't always end so well, of course. Changing a password is simple, but students, counselors and parents say that damage is often done before a password is changed, or that the sharing of online lives can be the reason a relationship falters.
Ethnologist danah boyd discusses what's happening:
For Meixing, sharing her password with her boyfriend is a way of being connected. But it's precisely these kinds of narratives that have prompted all sorts of horror by adults over the last week since that NYTimes article came out. I can't count the number of people who have gasped "How could they!?!" at me. For this reason, I feel the need to pick up on an issue that the NYTimes let out.
The idea of teens sharing passwords didn't come out of thin air. In fact, it was normalized by adults. And not just any adult. This practice is the product of parental online safety norms. In most households, it's quite common for young children to give their parents their passwords. With elementary and middle school youth, this is often a practical matter: children lose their passwords pretty quickly. Furthermore, most parents reasonably believe that young children should be supervised online. As tweens turn into teens, the narrative shifts. Some parents continue to require passwords be forked over, using explanations like "because I'm your mother." But many parents use the language of "trust" to explain why teens should share their passwords with them.
Much more in her post.
Related: a profile of danah boyd.
Posted on January 27, 2012 at 6:39 AM
• 43 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Alice and Bob agree to share passwords.
Eve cracks the password.
Eve does something nasty to Alice's FB (or bank account, or however bad it gets).
However much Bob loves Alice, this raises doubts between them.
That's why kids shouldn't share passwords. It has nothing to do with trust between them; it's what effect a breach might have on their relationship.
I told my kids and my wife never ever to give out a password, not to the help desk, their buddies nor to me, even with me being the assigned IT admin at home. We each have a "password safe" vault to securely store and use passwords, which is working very well for us. With parental control features available on the OS and the Internet router, I strongly believe that passwords must not be shared.
This article from Social Media Collective had an interesting take on using a piggy bank as a password escrow for parents and teens. I like the idea that you can build trust but still have the option for accountability.
Of course, this doesn't guarantee that passwords don't get changed after escrow, but that is a problem with any sharing scheme.
While this is probably a pretty bad idea, it's also certainly not the worst thing teens could share with one another.
To me it points out a need for better access control. It's done because there is a desire to allow other people (be it parents or SO's) to have complete access to your information, but there is no option to do so in many if not most systems.
@AlanS: "go Bradley Manning on you" xD
Looking forward to the book. Btw, she still single? :D
If you give em the key to your place, you can change the locks later, and be pretty safe asusming they can't get back in.
If you give them your password, they can do all kinds of crap that isn't readily apparent, like changing profile info (password reset questions, reset address), or if it's email, changing passwords for other accounts.
If you want to foster trust, don't close every window when they come in the room, but don't hand over your identity.
Sharing passwords is a bad idea but sharing house keys isn't? (With teenagers, as if there's some meaningful difference between them and adults on an individual level). Parents don't know their kids better than kids know their gfs and bfs.
Brent: exchanges of trust should be avoided in relationships because that trust could be broken? You seem to miss the point of human relationships, as humans see it.
I do know a married couple in which the husband never updates his FaceBook account status.
About once every two months, his FB status will read "Hi, this is $WIFE checking in to my hubby's FaceBook account to update his friend list."
That never happened before they married, though...so maybe it belongs in a different category. Perhaps it's a form of sharing between spouses that is more than they would share before the wedding.
I was interested in her comment that this is the same as sharing locker combinations. Kids really did / do that? I never gave my locker combination to anybody. Maybe I was just way ahead of my time with security consciousness :)
password sharing = ok between married partners as marriage is the highest form of trust bonding in human existence?
Interesting question for married people with children:
Do you value the trust bond with your partner higher, equal or lower than the trust bond with your child?
...and now that I think of it, my married friend is as far from teenager-hood as I am.
But I do know of a few teenagers in my family circle who occasionally joke with each other about hacking each others' FB accounts. My guess is that they found a machine with an open FB page...
I think Ms. Boyd is onto the best explanation, though.
Sharing email a passwords is a big no no in my mind.
Even if you don't value your own privacy, or "have nothing to hide", your closest family and friends could well do - and they may be emailing you with the (not unreasonable) expectation that the information they are sending you is not going to be shared.
Getting your feelings hurt at age 14 by an ex hacking into your Facebook account seems like a low-impact way to learn the importance of password security; surely better than learning at 30, after Romanians clean out your bank account.
The example of housekeys has already come up; I would throw in the example of shared bank accounts as another place adults model sharing of passwords.
Risky? Absolutely. You could lose all of 'your' money... Benefits in convenience and trust? You betcha!
It's important not to lose sight of the benefit half of the equation. Loosely (notice I didn't say 'poorly') secured systems are nearly always more convenient and efficient. Who says that doesn't matter?
In the case of facebook accounts, I struggle to see any non-trust benefit to sharing passwords. But the fact that you gave someone a password for six months (or a year, or whatever) and they never pranked you, never shared the password, never took advantage of the 'insider' information there... that is a tangible and real gain for a relationship.
Of course, the pinnacle of trust is when you don't even check anymore because you don't have to. I would argue that any marriage relationship that doesn't eventually move to this level of trust will have difficulty. Checking all the time is just. too. tiring.
If you remove the ability to trust agents, no system will work. The key aspect to talk about here is not whether to share passwords, but rather how we can effectively validate teenage sweethearts as sufficiently trustworthy. Good metrics, anyone? Piercings/in^3 ?
I explicitely forbids my children to tell me their password. But I'm not on Facebook, not on Twitter, do not use Chrome for anything remotely private. I guess I'm paranoid.
There's really a couple of things here
First, the kids have an immature idea of what trust is. It's not because of the parents. They have the childish notion that trust is being able to tell a friend a secret. But trust isn't a display nor is it in letting someone know secrets. It's trusting in the character of someone to let them have some privacy about their own person without having to monitor their every move.
The second thing is that this behavior now reaches into adulthood while the young folks lose a sense of a right to their own privacy, not only in personal relationships, but in the world at large. And thes young folks of today will be carrying that attitude as the leaders of tomorrow.
"Well, if you're not doing anything wrong, you shouldn't have anything to hide, Herr Schneier."
While I agree that it's bad practice, there are reasons that it could be fine.
I happily share my email password with my SO, because there's nothing secret there. It's a spam account, used only for logging into other sites (for which I have different passwords) or posting comments. Even if it got hacked, I'd lose nothing. Hell, I'd post it here if I knew it wouldn't get shut down.
Now my work password? That's a different story.
Actually... The issue is that most sites don't have a kind of parent-children account relationship.
If Facebook/Google/you-name-it had the option to create an account which can be supervised by the parents until the kid is 16/18/21, it removes the need to share passwords, and allows parents to both educate their kids properly and keep an eye on them.
I sure am glad that I grew up a long time ago, when my reckless, teenage mistakes only risked killing me -- not ruining the rest of my life. ;-)
This trust logic seems backwards to me ...
I don't give my email, FB, etc. passwords to my wife and would NEVER think of asking her for hers BECAUSE I TRUST HER. Sharing passwords, to me, seems to be an exercise because you don't really trust each other and you incorrectly think that this proves you do trust each other. It is a false front. I trust my wife more than anyone and for that reason, I would never ask for her passwords.
Trust and privacy: for me, it is about privacy. Having private space does not overlap into the trust sphere at all. For those that think it does, you must be the folks that tell the police, "Yeah, search my car, I have nothing to hide."
Thanks, that's what I tried to say, but you said it a lot better.
The only reason I can see for giving a partner (or anyone else) my password is in case of certain kinds of emergency: it's possible that it will someday be useful for someone else to get at my bank account while I'm in a coma, for example. (That one is mentioned in Boyd's article, though we all hope it's rare.) And if I knew I was going to be hospitalized, I might well say "Love, I've left myself logged in to X and Y services, please update with my status, but tell them it's you."
We also just rented a safe deposit box, in both of our names; it's going to have some shared paperwork (like our renter's insurance policy), and possibly some things that are his or mine rather than ours. If I didn't trust him enough to let him know where I'm keeping a couple of savings bonds, I should be talking to either a counselor or a divorce lawyer, not worrying about the security on the safe deposit box.
But we have separate email accounts, of course. We are not the same person, and while we generally know each others' friends, there are people one of us is a lot closer to than the other.
Non-adult acccouts on social media clearly need more than one accessing password.
One for the subject / primary content provider of course.
One for the parent / guardian / chaperone.
One or more for the guests -- trusted friends of the primary content provider. This would not allow accesses that took control (such as changing passwords).
All postings can then be properly audited or monitored.
Then we can begin to train our children to think of building trust in layers.
@erica, good luck "properly auditing and monitoring" postings to the "other" Facebook account, given that the public library has computers, the drug store has $30 Web-capable prepaid mobile phones, and the child's friends have iPads. Kids aren't nearly as dumb as some parents hope they are.
From the profile Bruce linked to:
“Children’s ability to roam has basically been destroyed,” Dr. Boyd said in her office at Microsoft, where a view of the Boston skyline is echoed in the towers of books on her shelves, desk and floor. “Letting your child out to bike around the neighborhood is seen as terrifying now, even though by all measures, life is safer for kids today.”
Children naturally congregate on social media sites for the relatively unsupervised conversations, flirtations, immature humor and social exchanges that are the normal stuff of teenage hanging-out, she said.
“We need to give kids the freedom to explore and experience things online that might actually help them,” she added. “What scares me is that we don’t want to look at the things that make us uncomfortable. So rather than see what teenagers are showing us online about bullying and suicide and the problems they’re dealing with and using that information to help them, we’re making ourselves blind to it.”
Sounds to me like Ms. Boyd would make an excellent parent.
I must admit I find very disturbing the idea of parents asking for their kids' passwords. It seems to me that unless you have a specific reason to believe you need to intrude upon your child's privacy you should respect their boundaries. It's important for them to learn early on that they have rights and that those rights have to be respected by others.
I think that what bothers me most about this is that you're not just (supposedly) showing your partner you trust him/her, but you're at the same time forcing everyone that trusted you to trust him/her as well.
My own experience with that is with a guy that was a moderator at a forum I frequented; when he and his girlfriend had a bad breakup she abused his moderator powers to mess up the forum.
Funny story related to kids and passwords. I noticed that my 11 year old had managed to have his computer dual boot with Windows 7 and Ubuntu. This was strange since I had his computer pretty well locked down and the last time I looked, it was only running with Windows 7. He didn't have admin privileges on his own account.
After some time, he owned up to the fact that he memorized the pattern of me using the keyboard to put in my admin password. This was 12 characters in length that met all the usual strong criteria (except length). I thought this was good enough for home use, but obviously not.
Armed with an admin password, off he went and downloaded the Ubuntu distro that he saw me look at previously on my own computer. You get the picture ...
Pwned by own son, I had to change the admin password. He's learned his lesson, although I've also learned that he has a genuine interest in computers beyond Youtube and games, which is great too. Now I just have to keep him out of the room when typing ANY password into any device.
@Mooman: Nice. You should be happy he weren't running botnets. :P
At least give him a virtual machine to play on.
Curiosity shouldn't be punished, and by the sounds of it the chances of containing his curiosity with technology (passwords, firewalls, proxies etc...) is long past.
Kids _will_ explore, it's your choice whether that will be at home with some supervision or somewhere else.
If you make security a technology arms-race then you will lose.
“We need to give kids the freedom to explore and experience things online that might actually help them."
In order to do that we need to educate them from the start on how to make informed decisions. The critical thinking skills and tools to mask informed decisions and exercise that freedom. Just like we teach them to look before crossing the street - when we give them access to computer we need to do the same. Educate them that there are good and bad aspects of using computers and how to protect themselves.
Imagine that teaching discernment via asking questions and evaluating answers and the ability to question and verify before trusting regardless as to the source.
When you give somebody physical access to your machine, you effectively trust them with all your passwords.
When you give somebody physical access to your machine, you effectively trust them with all your passwords
On a modern OS if your password/phrase is any good and likewise the oneway function used to hash it into the password file then it should be OK from either a brut force or dictionary attack on the files contents. As it should be the equivalent of encrypted data at rest...
However the moment you try and login then the password is in it's plaintext form somewhere, so yup it's effectivly unencrypted and vulnerable.
Getting on for 20 years ago back when some computers still sat in secure computer rooms and had a serial terminal used for the control console next to them there was a discussion on just this asspect of root password use.
Quite a few SysAdmin's felt that because their systems were set up to only go into single user mode at the console on boot up and the SysAdmin then had to type in the command to connect the computer to a public access network it was safer to leave the console left loged in as root rather than risk the password being sniffed out of memory or device drivers...
I guess it's time to point out that there is a significant difference between the meanings of "trust" when used by ordinary mortals and CompSec bods...
The CompSec meaning is effectivly the opposit of the normal human usage of trust.
Oh and a word to the wise to all teenagers and many adults, anyone who thinks that "love should be unconditional and they should keep no secrets from their partner" is heading for a very hard fall.
Partly because nearly everybody has one or two bad habbits as far as their significant others are concerned and over time these can often cause the relationship to fail and then things get nasty as any divorce lawyer will tell you "that's business".
But you also need to consider that if somebody does act in this "unconditional no secrets" mode who else they include in that "unconditional circle" you can bet it's not just you. So who else... their parents, their siblings, their friends, even strangers? and under what conditions just a glass of wine? Because a friend has told them a confidence and they feel obliged to trade one in return? Because they are unhappy with you at the moment? or they are asking someone for relationship advice? or they are just babbling away to their priest or shrink?
I might sound cynical but human history is absolutly littered with examples of people coming to harm because of what they have entrusted to others.
In the British Army you will sometimes hear someone say of someone else "I'd trust him with my life, but never my wallet", it tells you an important thing you only trust people with what you need to trust them with for your own protection.
There is also another saying when someone asks a question, "I could tell you but then I'd have to kill you" there are quite a few people who find themselves wishing that either thay had not told someone something, or that they should have killed them...
@Michael: "I happily share my email password with my SO, because there's nothing secret there."
Then, why share it at all? Doesn't she have her own email account to which you could forward email that's interesting for her?
If you like to have a common account, just set up another address that forwards to both your accounts.
There's *always* a superior alternative to sharing passwords (possibly not as simple, though).
What's so wrong about this? Rather than separate accounts and sharing passwords, some couples I know have a joint email account, much like they probably have joint bank accounts.
My mother used to coerce me into surrendering my passwords (pretty sure I'm on the young end of Schneier fans, I read Applied Cryptography when I was 17) and would rant and rave and accuse me of things when I didn't want to. When I went away for 2 weeks at age 16, she used a boot CD to break into my Windows XP computer and look through my documents.
I came home to a printed photograph on top of the computer of my decidedly non-romantic internet friend in his Easter suit with his little sister, which he had sent me to show how cute his sister's dress was, with the note "WHO IS THIS". What the h*ll, mom. Note: that was in fact the most "incriminating" thing on the entire computer.
Let's chalk that up to one of many, many reasons I'm now working infosec...
I second the notion that some of the issue is systems which confound identity with permissions. If FB would allow two people with separate identities to log into a shared account (with different passwords), it would alleviate a lot of these issues.
Second, there's pressure on parents to "keep their kids safe." We no longer accept that trips, falls, and the occasional poison ivy incident are "part of growing up." Now they're signs of bad parenting.
Even if a parent wants to trust their child, they find them in a bind where they are legally and socially obliged to break that trust on a regular basis.
This is a great debate topic. I have two of the issues at my house, a wife and an 11 year old son (I wish he would want to download Ubanto and dual boot). My wife has her accounts, I have no interest to know what is in them (read in I trust her completely). Same goes for my accounts, she doesn't want in my stuff. If either of us had things to hide we wouldn't show the other our emails and such, which we do quite often.
Now for my 11 year old. His passwords are written down someplace. There are his, I only jump in when he needs help. We try to teach him the limits of trust with others and the issues of being "online". He has been taught what he can and can't (read in shouldn't) do. He does a really good job staying in his "lane". He has our trust until he does something against it.
That being said, he has his own computer, does not access any of the others in the house and every thing else is locked down (I hope) in the event that one of us screws up and lets info out.
I believe you have to have trust inside the family for a healty realationship. Outside the family, you can trust but not at the level of giving passwords, information, etc.
As I get older, I become more cognizant of the usefulness of keeping one's passwords available somewhere. (When my mother died, we had a heck of a time convincing her ISP to cancel the account, and had to go through a couple of seasons of saved holiday cards to inform her friends. When I go, it will simply be a matter of mass-mailing everyone in my inbox...)
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.