A ransomware attack that locks down computer files and then blackmails the owner for a fee is ripping around the globe, so now everybody is thinking about how people can be better prepared to fend off hackers when they come knocking.
However, two large demographics are often left out of discussions around online security and the need for privacy-boosting tools: kids and old people. Canadian researchers want to change that with new password technology and educational comics, because an eight-year-old and an octogenarian can click a phishing link the same as anyone else.
Considering that large-scale cyber attacks like the WannaCry ransomware spread through oblivious link-clicking, this is important if we hope to stop future attacks.
"The latest statistics show that 99% of Canadian children are online outside of school, and older adults are the fastest growing group of internet users," Sonia Chiasson, the Canada Research Chair in User Centric Cybersecurity, wrote me in an email. "Both groups have distinct characteristics and needs that should be taken into account when designing interfaces for them. Yet, when you look at existing tools, most of them are targeted at the 'average' adult user."
Read More: Using a VPN Sucks
Chiasson leads the CHORUS lab at Carleton University in Ottawa, which develops tools and techniques for the very young and old to stay safe online. Some older adults might not understand the many moving parts of modern online security—password managers, virtual private networks, two-factor authentication, etc.—while kids may not realize that they're at risk in the first place, Chiasson said.
"We asked [kids] what 'online privacy' meant, and they said that it was when they were using the computer in their room with the door closed," she explained.
There are a ton of resources for kids and older adults about how to stay safe online, including some from the US government, but Chiasson said these often aren't up to snuff, or at least, they're not rigorously tested for effectiveness.
A good deal of work at the CHORUS lab has to do with empirically investigating how people use existing security tools, and evaluating how effective they are. After that, the CHORUS team attempts to bridge any identified gaps. So far, they've explored novel solutions like graphical "passwords" that work by clicking one point in a sequence of images. The goal, Chiasson explained, is to come up with a suite of security solutions that can be tailored to different users in varying situations.
The lab also focuses on educating kids and the elderly about malware, phishing attacks, and other privacy risks. These efforts so far include comics and games, and workshops for older librarians.
"Their frame of reference is very different than what we normally expect, and so when designing for them, we have to put ourselves in their shoes and consider things from their perspective," Chiasson wrote.
If Chiasson and the CHORUS lab succeed in their work, when hackers try to take down the web by trading on people's ignorance in the future, they may underestimate how ready we are to take them on.
Subscribe to Science Solved It , Motherboard's new show about the greatest mysteries that were solved by science.