A Password Checker for Minors

This application was created as part of an assessed exercise for the Human-Centred Security course at the University of Glasgow. I participated in this exercise as part of a 3-person team.

We are all aware that children are using internet-connected devices more frequently now than ever before, so it is becoming more important that considerations are made for them with regard to usable security. Hence, the goal of this password checker is to help children form good security habits when making passwords (the foundation of secure authentication online) through a child-friendly manner for a better user experience.

This proactive password checker is designed to act as a stand-alone service, where children can instantly gain feedback on their password security. The application's feedback includes not just security recommendations, such as avoiding common passwords etc., but also usability recommendations, such as a warning for a long password that may be too hard to remember. Along with the password recommendation information located below the password text box, these usability recommendations shall hopefully discourage bad security habits, such as writing passwords down if the password is too long to remember.

Particular care was taken when designing a clear and usable interface. As this is a password checker for minors, it is vital to effectively communicate feedback in a child-friendly manner that avoids too many confusing terms that may intimidate a child. Messages that we show to the user are easily understandable to young children so that even the youngest users are kept in-the-loop on the features that define a secure password. To do this we used encouraging and straightforward language in all of our messages, taking care to avoid technical terms like ‘special characters’ or ‘upper-case’ and complex words like ‘combination’. As a result, the password checker's feedback is concise, clear and simple. We also decided that colours were a suitable way of emphasising suggestions to aid communication, using the ‘red is bad, green is good’ colour scheme.

Furthermore, precautions have been taken not to clutter the interface with information. There are many standards and guidelines for creating a strong password, but showing them to the user all at once would only distract them from the task. Also, it is well known that children typically have a shorter attention span than adults. Therefore, it is not acceptable to rely on static written rules when trying to motivate a minor to develop a secure password. When using the password checker, the user is presented with a simple username and password input, and a condensed list of five basic requirements for a good password. This ensures the user is given at least the basic knowledge they require to start working on a password while not flooding them with so much information that they don’t know where to start. Checking the boxes next to each requirement increases the count for the number of requirements met. This adds a fun gamified element to creating a secure password. By challenging the user to meet as many requirements as possible, the user is encouraged to make a secure password without explicitly telling them they must use certain features to be secure. In addition, the feedback is instantaneous and dynamic as the user is typing to further enable interactivity and promote a subconscious reinforcement of good security practices.

Below is a video where I, and the other members of the group, explain the functionality of the password checker application and the design decisions that guided us to create an application that achieves the desired security outcomes while best suiting the needs of the intended user demographic (children).



Further design explanations and technical details are available at the project's GitHub repository.