Is a 3 year old all that's between you and getting pwned?

Here’s some food for thought… Would you trust a 3 year old:

Of course you wouldn’t.

Let me try another question then… Is your smartphone PIN access code the same as your:

I know kids who’ve been able to memorize PINs and unlock their parents’ iPhones since they were very young. If, as for the majority of people, that PIN is “the normal PIN that they use for everything”, then those parents are effectively trusting the keys to their kingdom to the discretion of a 3 year old. To get that PIN all I need to do is ask, watch the child unlock the phone, or hand them a phone and see what they punch in. It’s not that big a stretch, and as smartphones and tablets proliferate into education and childcare I suspect this will become a more relevant concern.

Some tips…

  1. Ideally, don’t reuse PINs AT ALL. Don’t have it so that all of the doors to your castle can be opened with the one key. That’s just unwise.
  2. If you absolutely MUST reuse PINs, keep “low security” and “high security” PINs separate. Don’t give your kids the keys to your castle. (I can’t think of a legitimate reason to justify this, but I know it will happen regardless.)
  3. Don’t be paranoid, but be smart with the information you give your kids. The expression “like taking candy from a baby” exists for a reason.

Food for thought.

Casey John Ellis

founder bugcrowd and disclose.io, keynote speaker, security strategist
