Sierra Ward //
We’re getting to that stage of life where we have to make some hard decisions regarding our parents. How do we help them through sickness? When and how do we know when it might be time to convince them to reconsider driving? And when will it be time for them to say goodbye to the privilege of managing sensitive data online.
I recently had the tough conversation about password management with my own parents – as predicted, it was almost harder than telling them I was taking away the car. To be fair, I’ve been having information security pep talks with them for a while now so this wasn’t out of the blue sky. When I find good end user information I forward it to them. I’ve explained to them about catching phishing emails, watching actual URLs, password hygiene, and how they need to stop using short easy passwords and actually, maybe… possibly… consider a password manager for longer more complex passwords. But for the most part this was met with the fear of trying to learn a new system for everything they already do online.
I try to be sensitive to this. It’s easy to be frustrated with older people and their refusal to adopt new technology. But… I’m sure that in just a few short years I’ll be the old foghey who can’t quite grasp new things when my own kids try to explain to me the new systems and requirements for the dawn of yet a new age.
Finally, after years of nagging, my mom finally had me sit down with her and set up a password manager. I explained that as hard as it is to get used to, it will greatly simplify life. She struggled at first and was a little perturbed when she realized having two-factor on meant she needed to basically be attached to her cell phone – ahhh, the universal mom struggle.
She upgraded her passwords and battened down all the hatches. It was hard, and required several hours where I sat near her to answer questions. But she did it. Then the real struggle came.
“But now I can’t look at the bank accounts online!” dad said, hugely perturbed that I’d gone and wrecked the good thing he had going.
“Well, you need to open a password manager and you can share those particular passwords with mom,” I told him.
“I’m not going to do that!” he said stubbornly.
“Mom has shown great perseverance. She’s done something frustrating and difficult for her. If you aren’t able to take the time and energy to learn a new system then I’m not sure you’re responsible enough to manage financial information online.”
Unsurprisingly, he was not at all happy with this verdict. But like most kids, I know exactly how much I can push my parents. I knew by his voice that as frustrated as he was by what I was telling him, he also knew I was right. He eventually admitted defeat and backed down from managing important accounts online. Mom breathed a sigh of relief as this verdict was a lot easier coming from me than from her.
Mom continued to surprise me in the following weeks, even calling her bank to turn on two-factor and making other customer demands from companies with whom she does business.
It got me thinking, in the industry of info sec we’re often frustrated by end-users. But perhaps, end-users are what will really take us over the brink for education and awareness in the wider marketplace. Will it be end-users who demand better infosec practices from the businesses they patron? Will it be end-users who force companies to get penetration tested and secure their products and services because they stop using those businesses services otherwise? Either way, more education is always a good thing! A high five to my mom for moving into this new age with panache and grace!