"NIST Study on Kids' Passwords Shows Gap Between Knowledge of Password Best Practices and Behavior"
Education and training are essential to strengthening passwords and safeguarding personal online accounts from cyberattacks. Although children may seem more technologically advanced, they still face the same cybersecurity threats as adults. Researchers at the National Institute of Standards and Technology (NIST) conducted a study in which they surveyed children from grades 3 through 12 to gain insight into what kids understand about passwords and their behavior when creating and using them. According to the study, children are learning best practices, such as memorizing passwords. However, there is a gap between their knowledge of good password practices and their behavior. The researchers surveyed over 1,500 kids from ages 8 to 18 who are students at schools in the South, Midwest, and Eastern regions of the U.S. Two versions of the survey were administered by their teachers, one for third to fifth graders and the other for sixth to twelfth graders, with each survey featuring the same questions but with different age-appropriate language. Results from the study revealed that kids are learning best practices on passwords, such as limiting their writing of passwords down on paper, keeping their passwords private, and logging out after an online session. They were also not found to be as burdened with many passwords as adults are, with kids on average saying they have two passwords for school and two to four for home. Despite there being evidence that kids are learning best practices, they have also demonstrated bad password habits like reusing passwords and sharing passwords with their friends. The bad habit of reusing passwords increased in frequency from elementary to high school students. This article continues to discuss the performance, findings, goal, and future of this NIST study.