Parenting in the 2020s means lots of passwords. You have school devices. You have soccer team logins. You have Roblox and Minecraft and YouTube. Sometimes it feels like your kids have more accounts than you do! Which means it’s very, very tempting to create easy to remember passwords and (it’s okay — you can be honest) reuse those passwords across different accounts.

Now, we know that you know both of those are very bad ideas if you’re concerned about things like identity theft, someone gaining access to your finances, or one of the million other ways that a cyber criminal can use your stolen login info. Those of you who have been paying attention might even remember the Seesaw credential stuffing attack, in which reused passwords were utilized to send a very objectionable and obscene image from parent accounts to teachers’ inboxes. 

Yikes. The Seesaw attack came about as the result of parents reusing passwords on their own accounts. But imagine the damage that could have been done — at the things a child could be exposed to — if a child’s account was accessed by a cyber criminal. 

It’s scary — but we’re not here to just freak you out. Luckily, there are actual steps you can take to create and manage strong passwords for children, without losing your mind in the process. Here’s what we recommend.

1. Create as few accounts as possible. 

Parents of multiple children in particular will quickly find that keeping track of everything is a total nightmare. So while it might feel near-impossible, try to create as few accounts as possible for your kids. This is really for your sanity as much as it is for them.

2. Use your own email address if you can. 

Signing up for accounts with your own email address not only keeps things centralized, but also protects your kids in case of a data breach or hack. Obviously the prospect of having your login information stolen isn’t great, but imagine if it was your five year old? Even worse.

3. Use passphrases

You’ve obviously heard of passwords, but have you heard of passphrases? They’re the human-centered solution to the computer-centered format of strong password recommendations. 

Think about it this way: Have you ever remembered one of those passwords that looks like 42^@la;lmcie^$? No, of course you haven’t, unless you have a photographic memory. Experts have been recommending for years that we create passwords like that because they’re hard to guess, both by computers and by humans. 

But a well constructed pass phrase is hard to crack and relatively easy to remember. The key is creating a system from creation, which we’ll go into in the next tip. But, at its essence, a good passphrase is just a series of unrelated words, like coaster-nonsense-blue-ceiling. It makes no sense, making it difficult to guess, but is composed of actual words, making it easier to remember. 

4. Create and follow a system.

Before you start creating passwords or passphrases for your kids, create a system. For example, if you have multiple children, you can start each password or passphrase with the first letter of their name or their initials. You can do a similar thing to indicate what the password is for, creating different terms for different things. For example, “school” could become SCHL or “soccer” could be SCCR.

After you mark the password with initials and/or what it’s for, it’s time to create a passphrase. Create a system for this as well, like always doing an object, color, verb, and adverb, for example. Think of something like “stove-red-run-beautifully.” Then, if you want to make it even more secure, add some capitalization and maybe a couple of symbols in place of letters. 

Let’s look at what all of that looks like in reality. Say you have a child named Jose Smith and you want to create a school password for him. Here’s a possibility: 

JS-SCH-st0ve-red-run-beautifu!!y

That’s a kind of long, but very secure, password. You could always shorten it, which does make it easier to remember — but also easier for criminals to crack.

5. Use a password manager, differently. 

You can also use your password manager (which is a piece of software that stores all of your passwords and that you can “unlock” with one primary password) to store your kids’ passwords. However, you probably don’t want to give them access to that manager, because it has literally all of your passwords in it. And, depending on your kids’ ages, it’s likely that you’re still trying to control what they access online, at least to some extent.

So instead of installing your password manager directly on to the devices your kid uses, just use it as a storage space so that if you forget a password, you can access it quickly and easily. There’s really no need for your kids to have access themselves, at least until they’re old enough to have their own password manager.

6. Delete old accounts. 

Finally, do an annual assessment of all of the accounts in your passwords manager and delete any that your kids aren’t using any more. This not only means you have fewer passwords to keep track of, but also protects you (and your kids) against data breaches and hacks of those accounts. 

Practicing strong password hygiene can feel like a pain, even when it’s your own accounts. So we totally get why it’s extra annoying to have to do the same for your children. But setting up a system and sticking to it is worth it if you want to keep your entire family safe, both online and off. 

Take our cyber awareness quiz and learn how you can navigate discussions with your family around  the complexities of technology and digital threats. What's more, download our online safety checklist (PDF) for a quick guide to better online safety.