Here you are, the time has come. You have done all your research, you have read the articles, listened to the podcasts and heard the mainstream geeks prattle on about online safety for your kids. You open the device, open the parental controls app and begin, but before you can, you have to set a PIN code.
Every single one of us who have tried to secure a device has been at this point, we pop in a quick four digits and move on to the critical, complicated stuff. We labor and think about all the ramifications of every setting, we limit, tweak, and ban apps, we lock down payment options, micro-transaction, social interaction settings, time limits and anything else we deem necessary for a safe and healthy child. We hand over the device, have a talk about rules and expectations, and we move on with our lives knowing that we have done our job to protect our child. Sound familiar? Well, let me add the next all-to-familiar chapter to this brief story. A few weeks later we find our child doing that thing they weren’t supposed to be able to do, going to that site we had blocked, playing that game we didn’t want them to have and sending those DMs to the people we didn’t want them to interact with. Why?!? At this point, many of us throw up our hands in defeat because our kids are just so much smarter than we are… But is that really why they got past our locks and controls? Most of the time, no. They didn’t hack the device or do some really savvy coding trick that cracked the unit open. No, most of the time they just kept their ears and eyes open and quickly learned the most crucial hacking tool of all, the password.
You see, the very first step of you setting up your parental controls is entering a PIN number. Like all our other passwords, most of us reuse PIN numbers because we don’t want to have to try to remember them. We use the same four digits to secure the parental controls on our child’s device as we do to unlock the back door, use the ATM and change the viewer on Netflix. What we don’t realize at that time is, our kids already know that code. They are sitting in the backseat of the car when you drive thru the ATM, watching you reach out thru that window and key in each of those four numbers in order, every time. They are sitting on the couch when you punch in that code to Netflix, watching you slide the selector across each digit in order on the 70″ TV screen. They even hear you speak it aloud to people on the phone to verify your identity. Then, when they do try to break those rules, BOOM! Blocked by a PIN, so, they enter the first thing they have seen you do. They put in your PIN. Now the device thinks they are you. They have access and can bypass or change settings at will. So what do you do now? You change the PIN on that device to your OTHER PIN, the one they could never know, and after re-explaining the rules, re-explaining your expectations, and re-handing the device over to them, you find them doing it all again! Why? I guess we think our kids are stupid or something. They are not smarter than you, but they are smart and motivated. That is why they know your second PIN too. So what SHOULD we do to fix this?
The problem here is two-fold as I see it. First, we are lazy or at least complacent, which makes it easier for our kids to take advantage of us. Second, most companies, Apple included, only have provisioning for a four-digit PIN for parental controls.
What steps can we take not to be complacent and lazy? Well, don’t use your standard PIN for parental controls obviously, but let me give some other helpful pointers on what we can do along with that. First, when you first set the PIN code, assume it will be breached. Your kids will work night and day to get past this, so make sure it is a burner. Only ever use PINs that you can walk away from at any time, not your ATM PIN. Also, don’t use your house number, your car license, your phone number, or keypad patterns, they guess those second. Next, change that PIN a lot! Really twice as much as you think you should be half as much as you need. My reasoning here is this, my kids (3 of them) have lots of downtimes to crack this code, this pathetic four digit code. With three of them on several devices, sharing data in a brute force hack attempt, they can try every combination in a matter of weeks. Therefore, if they don’t know I am changing the PIN, I become more and more likely to change it to something they have already tried, making it exponentially more difficult for them to realize the issue and start over. Also, by changing the code a lot, if they do crack it, it doesn’t stay cracked for long. Another step you can take is NEVER to use the same PIN over. They will figure that out quick. Every time I have observed kids code breaking this way, they always retry the successful codes first. They know we are creatures of habit. On the devices and apps that allow it, don’t use a four-digit PIN, use an elaborate passphrase instead. If you utilize a password management vault, use it to generate very long, very difficult passphrases. The harder it is for you to type in, the less often they will be able to crack it. Another step I take for device security is this, Never write the PIN/passphrase down, especially in the Notes app or any other place they can access from your desktop Mac or PC that could be keyword searchable. If you think for a minute that your ten-year-old won’t log into your PC and search your files for a “password” document, you are sadly mistaken. The last really critical step I maintain in my securing of my PIN is this: I check their devices often.
Even though I have full control of the parental control from my own phone, I go get their device and use it once in a while. Not only will I see things if they change them, but I will also see failed attempts to code break. With Apple iOS, for instance, I am using “ScreenTime” to limit their device use. (Apple’s “ScreenTime” updates are some of the best in the business, except for their 4 digit PIN) When I use the ScreenTime tab in their settings, I see the number of failed attempts in a red notification circle when I go to code in. Why is this important? What do I do with this knowledge? Well, I have imposed limits that are physical as well as software. You see, my kids know that if I see a red number on the PIN code, I know they are trying to hack me. They also know that I have rules which have to be followed, my “no hacking” rule is followed up and enforced by my “no device for a week if you hack” rule, and I stand by that rule. I don’t bend, I don’t give in. My kids are not in charge of my house, I am, and after they spend a whole week whining about no iPad, and I spend an entire week assigning chores every time they complain about no iPad, they learn that dad doesn’t joke about online safety and a limited iPad is better than no iPad. This is just me, You can run your house as you see fit, but in my world, parenting is an active participation event and is not easy.
After a strong and secure individual code is in use in your parental controls on your child’s device, protect that code. One of the ways our kids learn those codes, “hack” them if you will, though be it a social hack, is to present us with a need for the code at a less than optimum time so that we are not as cautious, not as likely to remember to protect the code. My own kids have done this to my wife and me, though she falls for it much more often than I do. We are in a meeting, talking to someone important or sitting in a quiet waiting room trying to do something difficult or time-consuming and they bomb us with requests for exceptions. “Mom, I just ran out of ScreenTime for this app” “Dad, I need you to approve this new feature,” then they watch as we half securely punch in the numbers. Another similar ploy is to smear stuff on the screen when they know you don’t have your phone with you, then they ask for some small innocuous thing that they know you will accept, then they study the screen to see where you touched to input the code. If this sounds like a scene from “Mission Impossible,” it is, and they watched it with you, and now they know that trick too.
The last way they get your info or get past your controls is just to use your phone to do it. My rule is my kids NEVER touch my phone. Period, full stop.
My phone is a tool, not a toy. It is costly, and my kids do not need it. They can learn to sit and look out a window, read a book or just wait quietly if they are “out of battery” and “bored.” Again, this is one thing my own wife often forgets. Hand your phone to your seven-year-old and that night, he has no limits, no WIFI restrictions, no content filters. They have even gone as far as to add their own fingerprint to the login so they could get back into the phone again later. Couple that trick with an EERO app that doesn’t secure the login AT ALL, and my kids were able to turn their own wifi back on at will, but that is a story for a different day. The point here is, your phone, laptop, PC, Mac, iPad is the keys to the castle. Your device, every one of your own personal devices, need to be secured to maintain the security of your child’s parental controls. There is no easy answer, there is no quick solution.
Now, as I mentioned above, even if you do everything you can, most of these codes are only allowed to be four numbers. Because of that, you and I need to reach out to the device manufacturers, parental controls engineers, and the software designers and begin demanding that they increase the number of options available. This is not a demanding or overbearing request. Apple already does this for you when you sign into iCloud. If you remember a few years back it was a four-digit PIN to secure your iPhone and iCloud, now they give you the option to choose anything from no security (bad idea) to a complex passphrase. There is no reason they cannot offer the same toggle in parental controls. File those bug reports, feedbacks, ratings, rankings, and radars with all the manufacturers until all the devices have complex parental controls lock codes.
There you have it, the number one way parental controls fail is that we, the parents, don’t properly secure them. Now take what you have learned, start to implement it and if you have questions, put those in the comments. You can also reach out to me on Twitter, Pinterest, Facebook, or use the email form in the “Contact” page to drop me a note. Remember, parenting is an active sport, it is not easy, but it is worth it. Teach and correct your kids as you protect and nurture them, and always with Kindness and Love.
Categories: Kids and Tech