Sex Ed: Toxic Masculinity, Emotional Expression, Online Privacy, Identity Management, Dress Codes, Bodily Autonomy, and Purity Culture

Sex ed is a topic of discussion in our community right now as the school district takes input on updating the curriculum. The talk is, predictably, preoccupied with online predators and sexting. These are certainly valid concerns, but the conversations don’t get very structural.

#MeToo, #ChurchToo, #ShulToo#EmptyThePews, and #WhyIDidntReport have revealed pervasive abuse, harassment, and misconduct through the depth and breadth of our society. Companies, churches, shuls, schools, and all of our institutions have failed girls and women. We need to teach inclusion and codes of conduct in K-12 and from the pulpit. We must stop raising MRAs, PUAs, incels, redpillers, ComicsGaters, and GamerGaters who reject inclusion and pluralism. These distillations of toxicity and resentment have turned social media into misogynist sties that harass and repel women. They have radicalized young white men into violent misogynists.


Toxic Masculinity

Whether we’re talking about race or gender or class, popular culture is where the pedagogy is, it’s where the learning is.


When getting structural, start by taking a look at our media. The most popular TV show, Big Bang Theory, is driven by toxic masculinity and ironic lampshading for misogyny.  The Pop Culture Detective has a great series of videos on toxic masculinity and emotional expression. Here are the episodes on Big Bang Theory.





And this is where ironic lampshading comes in, which is when media makers deliberately call attention to a dissonant or overly clichéd aspect of their own production. Rather than writing different punchlines the writers attempt to duck any criticism by pointing out the sexism inherent in their own jokes themselves.

The technique of making something super obvious to viewers meant to let us know that the writers are self-aware and to make us feel like we’re all in on the joke. Most comedy writers know that retrograde style bigotry is no longer acceptable on primetime television, but they still want to use sexist, racist and homophobic jokes as an easy way to get cheap laughs. Ironic lampshading provides a clever way for them to keep getting away with it.

The problem with this comedic device is that, by itself, it doesn’t critique or challenge sexism homophobia or racism. It’s simply acknowledges it in a humorous way. Acknowledging bigotry is not the same as critiquing bigotry, especially when the punchlines end up making light of serious social issues like sexual harassment.

Source: The Adorkable Misogyny of The Big Bang Theory

But it’s just TV, you say? Well, the President of the United States is a sitcom misogynist performing his act for rallies full of people. They applaud his toxic worldview like laugh tracks to a sitcom.

Setup, punchline, applause. What we’re applauding are the pathologies we see in our schools. Treating women as pieces of meat who primarily exist for male pleasure is a message that comes at us from every level of society, including the bully pulpit (giving a new connotation to the phrase). When misogynists like Trump watch TV, they see people laughing along with characters doing what they do in real life. Marginalizing and harassing women is mass entertainment played for yucks, and we see the effects. This is our national pedagogy.

Normalization: The cultural process by which a particular attitude, ideology, or behavior becomes established and entrenched in social life. It’s the cultural process through which we come to expect and accept something as natural and normal.

Source: Donald Trump: The Sitcom Misogynist




“Toxic masculinity,” on the other hand, is a loose term that’s used to refer to a subset of those behaviors which are harmful or destructive. It’s often used as a sort of shorthand to describe behaviors linked to domination, humiliation, and control.

It’s marked by things like emotional detachment and hyper-competitiveness.

It’s also connected to the sexual objectification of women, as well as other predatory sexual behaviors.

It’s also linked very closely with aggression, intimidation and violence.

Source: What Is Toxic Masculinity?

Emotional Expression and Detachment

The way we ‘turn boys into men’ is through injury: We sever them from their mothers, research tells us, far too early. We pull them away from their own expressiveness, from their feelings, from sensitivity to others. The very phrase ‘be a man’ means suck it up and keep going. Disconnection is not fallout from traditional masculinity. Disconnection is masculinity.

Anger often hides depression and profound sorrow. Depression often masks the inability to grieve. Males are not given the emotional space to grieve. … Males are still being taught to keep it in and, worse, to deny that they feel like crying.

Unable to cope with the loss of emotional connection, boys internalize the pain and mask it with indifference or rage.

Source: The Will to Change: Men, Masculinity, and Love by bell hooks | Goodreads



The open expression of vulnerability is extremely gendered in Western media culture. Being emotional, especially crying, is seen as stereotypically feminine, as “girl stuff.” We’re all familiar with the stereotype that women are “over-emotional” or “irrational” or “too sensitive.” Now of course, that stereotype is complete nonsense. Everyone has these emotions and everyone has these feelings.

We’re taught that young men should bottle up most of their feelings. That anger or aggression may sometimes be permissible for some men in certain situations, but that vulnerability is strictly off limits because it’s been culturally associated with weakness. But on Steven Universe vulnerability is not equated with weakness, instead it’s simply equated with being a human being.

The lesson here is that men and boys don’t need to protect their loved ones from things that might scare them. Men don’t have to weather the storm alone. Instead we can work through life’s struggles together with our friends, our lovers, and our families.

It’s going to take a long time for us to collectively unlearn these harmful notions about detached manhood. But Steven’s open and emotionally expressive version of masculinity, that’s an inspirational example for us all.

Source: Emotional Expression on Steven Universe

Long before he donned the mask of Darth Vader, Anakin Skywalker is instructed to wear another mask: a mask of emotional invulnerability.

I want to underscore the message being presented here. Anakin’s feelings of pain and loss are understandable and completely normal. But instead of getting the emotional support he so desperately needs, this child is instead publicly shamed for expressing his feelings of grief and sadness. And that’s because emotional detachment is valued above all else in the Jedi Order. Young Jedi are instructed to sever all close emotional connections to the people they care about. They must learn to hide their feelings from others, to deny their emotional selves, and to always present a stoic exterior to the world.

Jedi philosophy gets it entirely backwards. Emotional detachment doesn’t prevent men from turning to the Dark Side. Emotional detachment is the cause of men turning to the Dark Side. In the end it’s the Jedi and their philosophy of emotional detachment that’s ultimately responsible for the creation of Darth Vader.

Listening to the teachings of Yoda and Obi-Wan is a guaranteed recipe for creating lonely, angry, broken people.

Source: The Case Against The Jedi

Online Privacy

Living Privately. — Building and maintaining a sense of what to show in each social environment. — Discovering and creating new environments in which we can show more of ourselves. — Assessing where you can grow new parts of yourself which aren’t (yet) for public display.

Source: On Privacy – Human Systems – Medium

The Smart Girl’s Guide to Online Privacy by @violetblue is a great resource for staying safe on the internet written with the problems girls face online in mind. Here’s a selection from chapter 4, “Female Trouble”.

When a woman gets hacked, she’s got a lot more to lose, and if Mat Honan were a woman, you can be almost certain that his experience of getting severely hacked would have been different. Not only would a girl go through everything Honan experienced, but on top of all that, she would also be subjected to gender targeting and all the ugly stuff that goes along with it. Think about your intimate photos of yourself, ranging from swimsuit shots and selfies with cleavage to the photos and videos that are meant only for the eyes of a person you trust. Such photos, in the hands of someone who doesn’t care about you or your safety (or worse, someone who gets off on hurting women), are disastrous, no matter how proud you are of your body, how sex-positive you may be, or how comfortable you feel with being sexy and strong at the same time. In this chapter, I’ll show you how to take charge of a situation in which your private content has been posted online maliciously or an attacker has otherwise attempted to compromise your reputation. This happens to people of all genders, but not as much as it happens to girls. Our gender makes us targets. Being “online while female” isn’t fair, but it’s a fact. Here’s how you can fight back.

Source: Blue, Violet. The Smart Girl’s Guide to Privacy: Practical Tips for Staying Safe Online (pp. 49-50). No Starch Press. Kindle Edition.

Find out:

  • Why appearing on “People Finder” websites isn’t as harmless as it seems.
  • What do do when a compromising photo of you ends up on the internet.
  • How to keep your address and phone number private from exes, stalkers and that creepy guy who just hit on you at the bar.
  • Why online privacy is just as important – if not more important – than your physical privacy.
  • What websites you can trust – and those you can’t.
  • The privacy holes that hurt working women most.
  • Common personal information you didn’t realize was on the internet.
  • How social media makes all those privacy questions on your bank/amazon/email recovery system moot.
  • How to find out if someone has been on your computer or in your email.

This book is especially for:

  • Women with online dating profiles.
  • Anyone on a job search.
  • Women looking to keep their personal life from leaking to their work.
  • Independent business people.
  • Parents – help show your kids what information they’re leaking.
  • Anyone concerned about family, social sharing and privacy.
  • Students facing social choices that might affect their future.
  • Anyone who’s ever sent a photo to someone they wish they hadn’t.

Source: THE BOOK | The Smart Girl’s Guide to Privacy

There are a variety of ways to purchase the book. I recommend it highly. Buy it not just for your daughters, but for your sons.

Password and Identity Management

“Password reuse is what really kills you,” says Diana Smetters, a software engineer at Google who works on authentication systems. “There is a very efficient economy for exchanging that information.”

Source: Kill the Password: A String of Characters Won’t Protect You | WIRED

According to security experts, today the industry is dealing with a password reuse crisis. In the past few weeks, account breaches have been reported by LinkedIn, Tumblr,, Fling and MySpace – bringing the total number of compromised accounts to more than 642 million.

“We know that attackers will go for the weakest link and that is any user who reuses their passwords. It’s a major problem,”

Source: No Simple Fix for Password Reuse

Social media sites are littered with seemingly innocuous little quizzes, games and surveys urging people to reminisce about specific topics, such as “What was your first job,” or “What was your first car?” The problem with participating in these informal surveys is that in doing so you may be inadvertently giving away the answers to “secret questions” that can be used to unlock access to a host of your online identities and accounts.

Source: Don’t Give Away Historic Details About Yourself — Krebs on Security

At most schools, student identities are protected by weak passwords trivially derived from usernames and reused everywhere. Once someone gets ahold of your email password, they can reset your passwords elsewhere and pwn your life. When you reuse passwords, a data leak on a forgotten site can be escalated into a takeover of your email and your identity.

We’re teaching kids bad habits from the get-go. The adults in their life are not modeling good practices. My piece “Privacy and Passwords” has some suggestions. It cribs from Chapter 10, “I Hate Passwords”, of the Smart Girl’s Guide. The TLDR version is: Don’t give away historic details about yourself, use a password manager, turn on two-factor authentication (especially for email), and never reuse passwords.

Dress Codes

Does your school reinforce harassment and rape culture with its dress codes? Yes, it does.

“I am not a distraction.”

It’s the statement that’s become a rallying cry across the burgeoning movement against inequitable school dress codes, a movement propelled largely by the young girls who are so often targeted by policies that label the parts of their bodies ― whether covered by yoga pants, spaghetti straps, gym shorts, leggings or tank tops ― as “distractions.”

But recently, Evanston Township High School in Illinois gained accolades for releasing an updated dress code that explicitly forbids body shaming and aims to diminish marginalization of students based on their “race, sex, gender identity, gender expression, sexual orientation, ethnicity, religion, cultural observance, household income or body type/size.”

Source: Sexist School Dress Codes Are A Problem, And Oregon May Have The Answer

Students, parents, and others have a number of concerns about public school dress codes and their impact on female students. One concern is that many dress codes are explicitly gender-specific, targeting girls but not boys, or are at least selectively enforced such that they impact female students disproportionately. Student discipline includes removal from class, receiving detention, being sent home, or forced to wear a “shame suit” indicating she has violated the school dress code. Female students are powerfully affected by these policies and many express a profound sense of injustice.” The consequences of being “dress coded” have a negative impact on student learning and participation. Beyond the immediate disruption resulting from removal, detention, and the like, studies suggest that a preoccupation with physical appearance based on sexualized norms disrupts mental capacity and cognitive function.

Consistent with the research on sexualization of girls, many are concerned about the larger symbolic messages that dress codes and their enforcement send to students and society. A common thread among school justifications for sex-specific dress codes is that provocative clothing will distract their male classmates or make male teachers feel uncomfortable. A number of commentators thus maintain dress codes communicate that girls’ bodies are inherently sexual, provocative, dangerous, and that harassment is inevitable. Dress codes and their enforcement can impose sexuality on girls even when they do not perceive themselves in sexual terms. Gender study scholars report that dress codes generally have negative ramifications for women, sending a message that exposing the female body is bad. Laura Bates of The Everyday Sexism Project characterizes the dress code phenomenon as “teach[ing] our children that girls’ bodies are dangerous, powerful and sexualized, and that boys are biologically programmed to objectify and harass them.” Thus, dress codes can constitute a type of “everyday pedagogy,” reproducing normative gender and sexuality preferences.

Source: Sexualization, Sex Discrimination, and Public School Dress Codes

  • No student should be affected by dress code enforcement because of racial identity, sex assigned at birth, gender identity or expression, sexual orientation, ethnicity, cultural or religious identity, household income, body size/type, or body maturity.
  • School staff shall not enforce the school’s dress code more strictly against transgender and gender nonconforming students than other students.
  • Students should not be shamed or required to display their body in front of others (students, parents, or staff) in school. “Shaming” includes, but is not limited to:
    • kneeling or bending over to check attire fit;
    • measuring straps or skirt length;
    • asking students to account for their attire in the classroom or in hallways in front of others;
    • calling out students in spaces, in hallways, or in classrooms about perceived dress code violations in front of others; in particular, directing students to correct sagged pants that do not expose the entire undergarment, or confronting students about visible bra straps, since visible waistbands and straps on undergarments are permitted; and,
    • accusing students of “distracting” other students with their clothing.

Source: Back-to-School Information / Student Dress Code

We sexualize and racialize bodies through dress codes that target specific people while simultaneously maintaining that these one-dimensional standards are universal. All the while, do we ever consider exactly how a dress code benefits student success and the greater good of education? I was once suspended for wearing my hat in the hallway. I missed two days of school and the only learning I soaked in was that the school and the real world were two distinct places in which one of them pissed me off exponentially more than the other.

We should be thinking about ways to engage all learners in education. We should teach that there is a time and place for particular aesthetics, but I question whether or not that should be done through a dress code policy. Perhaps explicit teaching practice that fosters student awareness on the complexities of cultural appropriateness, spatial or social awareness, and for lack of a better term, “playing the game of school” (which translates into the “game” of life, at least, arguably, from a cultural standpoint) is a better route to take. If you think a dress code is appropriate, bring every stakeholder to the table and have an honest discussion. Do not rely on the so-called gaze of the powerful and privileged to dictate what is and is not acceptable. If we allow this, it is clear how and who such a policy affects.

Source: Decoding School Dress Codes – March For Public Education – Medium

Bodily Autonomy

Anything that erodes bodily autonomy reinforces rape culture. Bodily autonomy is a human rights and social justice framework that can unite movements.

Because I wrote a book about women’s sexuality, a journalist recently asked me,”What do women need, for really great sex?”

I said, “Basic bodily autonomy.”

But I want to amend that answer.

First, what do I mean by basic bodily autonomy?

It’s not just control over the decision of whether and when to have any kind of sex - though it is that; the conservative, low estimate is that one in four women will experience sex and relationship violence, compared to one in six men.

For great sex, women need basic bodily autonomy - not being punished (raped or mudered) or judged or shamed, either when we say yes or when we say no. And that will only happen fully when men stop measuring their own worth in terms of their access to women’s sexual bodies. So we need that, too.

Source: Me too – Emily Nagoski – Medium

Now, many sex ed programs venture beyond basic anatomy and biology (and condoms on bananas), to help young people understand healthy sexuality, from gender identity to bodily autonomy.

Backed by the momentum of #MeToo – which exposed the prevalence of sexual violence – many sex educators say programs should begin earlier and cover more emotional, intellectual and social elements of sexual health.

Source: Sex ed: Not what your parents remember. And #metoo may change it again

“Bodily autonomy,” as an abstract philosophical principle, dates back at least to the ancient Greek philosophers. Over the centuries, legal scholars and political philosophershave thought hard about the relationship between rights and laws, the individual and the group, and the sovereign state and the autonomous individual. In American activist circles, bodily autonomy is most often invoked around the fight for reproductive rights. But what I haven’t seen is an effort to harness this principle in a way that binds our seemingly separate movements together.

Let’s start with the disability piece. I’m the father of a boy with Down syndrome. My concerns for him and for the extended disabled community include opposition to institutionalization, forced sterilization and other eugenic practices, involuntary surgery, mandatory drug regimes, denial of rights for disabled parents, protection for disabled children from violent caregivers and teachers, and lack of accommodations for non-typical bodies. In each case, these issues require a government that refrains from coercing disabled bodies and protects disabled bodies from private coercion. Bodily autonomy extends over these seemingly quite disparate issues.

Source: My Body, My Choice: Why the Principle of Bodily Autonomy Can Unite the Left | The Nation

Purity Culture

And, finally, the big hurt: purity culture. “Purity culture is rape culture in its Sunday best.” I will let ex-evangelicals speak to this.


Evangelical churches, with their insistence on a God-given patriarchal system in which women are believed to be created as male helpmeets, are also facing a potential tsunami of online and private allegations about sexual abuse. After the Harvey Weinstein celebrity revelations prompted the #MeToo movement, two ex-evangelical women started a #ChurchToo movement. The women, Emily Joy and Hannah Paasch, both 27, told Newsweek that after they started the hashtag, they were inundated with thousands of public and private messages from women and girls describing abuse from pastors and at fundamentalist Christian schools and colleges, mostly swept under the rug.

Source: Trump and White Evangelicals: Support for President Grows, But Millennials Leave Movement

Any appropriate response to #ChurchToo and the problem of sexual assault and abuse in religious communities necessitates the total dismantling and rejecting of purity culture. Lest my words not be taken as radically as I mean them in my heart, what I mean is that we absolutely must stop believing in and teaching that:

A. Total sexual abstinence is morally mandated and required by God until marriage

B. Being heterosexual and cisgendered is “God’s best” and LGBTQ identities are a symptom of “broken” sexuality

C. Women have the responsibility to dress modestly to avoid causing others to stumble

D. Men are to be the leaders in the church and the family, and women are to follow their lead

The heartbreak, the dysfunction, the mental illnesses, the broken families, the lost lives of queer kids, the shame and self-loathing that sticks with you for life no matter how far away you get. Purity culture has blood on its hands – which is why calls to “reach across the theological aisle” are as offensive as they are ludicrous. You can’t “work for change” alongside those who don’t believe you’re fully human or that you’re fundamentally broken because you’re not like them – especially when they are so unwilling to admit that that is what they actually believe that they would rather call their hatred “love” than admit that their theology mandates behavior that is the farthest thing in the world from loving. We can’t agree on basic terms and definitions with Christians entrenched in purity culture – we are not even using the same words to mean the same basic and essential things. Concepts like “love” “God” “Jesus” “knowledge” “right” and “wrong” lose all meaningfulness in the rubric of purity culture that sorts the morality of actions based on whether they align with one’s narrow and limited interpretation of a holy text, not based on whether they contribute to greater human love and flourishing. And ultimately, if we don’t have that, then all we have is the empty promise of being rescued from a made-up hell in exchange for 70 years of being miserable and making others miserable here on earth. And that’s not good enough for me.

Source: What’s Purity Culture Got To Do With It? — Emily Joy Poetry

This purity culture has deep, oppressing consequences. When women fight for access to birth control by citing non-contraceptive uses-polycystic ovary syndrome, endometriosis, amenorrhea-as if a prescription for its use to simply enjoy sex without getting pregnant is a moral failing-we see the reach of this problem, of how we think about women’s sexuality. Women who’ve suffered female genital mutilation are victims of this virginity fetish, too.

Rape culture and purity culture are two sides of the same coin, where women lose no matter the outcome of the toss. And God forbid a woman find herself in a situation where there is no escape, where the safest option of the moment is submission: she’ll be whispered about and judged by both sides, and when she’s not dismissed as a liar, she’s considered a whore. There is no room for context or understanding-only guilt, shame, and blame. When the choice is between being physically or morally devalued, silence can seem the wisest, least threatening choice.

Source: It’s time we addressed our society’s toxic ‘purity culture’ –

But the purity movement isn’t all witty underpants and daughters dancing on their fathers’ shoes. The same tenets that underpin purity culture-namely, rigid beliefs about gender and sexuality-are also the features that sustain rape culture. And the negative outcomes are as multifaceted as my purity ring: sexual shame, self-loathing, fear-based morality, and marked ignorance about sexual concepts.

One researcher describes the cost of purity culture as deep sexual shame and self-loathing so intense that she compares it to survivors of childhood sexual assault. An alumnus of a radicalized Christian college reports that the majority of women who graduate from the school cannot label their own anatomies or explain the basics of sex. For young adults kept woefully ignorant by abstinence initiatives, more advanced topics like consent and coercion are even more obscured.

In assessing the efficacy of purity vows, the findings are also grim. Researchers using those tallied pledge cards report no differences between virginity pledgers and control adolescents in terms of sexual behaviors. It turns out true love doesn’t wait-and it also doesn’t use condoms. Adolescents who sign virginity pledges are much less likely to use birth control or condoms and are at increased risk for both pregnancy and STIs.

One team of researchers, tasked with evaluating the arc of abstinence-only initiatives, decries abstinence programs as a threat to adolescents’ fundamental rights. They also note that the programs “reinforce gender stereotypes about female passivity and male aggressiveness,” highlighting a distinct similarity between purity culture and rape culture.

Source: Evangelical Christian Campuses Are Kissing Consent Goodbye | Bitch Media

Evangelical Purity Culture is an exercise in controlling female sexual desire.

Source: How Evangelical Purity Culture Sacrifices Female Pleasure — Fundamentally Free

Billy Graham gave misogynistic evangelical purity culture his considerably authoritative imprimatur, contributing to the psychological scars left on many ex-evangelicals who are now speaking out against the community we were raised in.

Source: In Billy We Trust? How “America’s Pastor” Birthed Our New Theocratic Wave | Playboy

I haven’t read this book yet, but I see it recommended in #exvangelical circles: A Lily Among the Thorns: Imagining a New Christian Sexuality

“With 1Password Business, each employee on your team gets a free 1Password Families membership.”

With 1Password Business, each employee on your team gets a free 1Password Families membership. This way they can learn the habits they need to protect themselves and your company.

Source: Introducing 1Password Business – AgileBits Blog

Yay. I love this. I was an early beta tester of 1Password for Teams and Families. I like and trust their products. They have earned their great reputation. Moves like this bolster that rep.

Passwords and privacy are important modern literacy. We all need to be learning the habits to protect ourselves. Families need password managers. Employees need password managers. Public education very much needs password managers. Privacy should not be a function of privilege. Equip all students with password managers and include use of them in curriculum. Password and identity management are essential to digital pedagogy and parenting.

Until something better than passwords reaches broad deployment, we must equip ourselves to handle them safely. Let’s teach ourselves, our students, and our kids how to secure the keys to our identity.

I collected password advice in my “Privacy and Passwords” piece.

K12 classrooms-and most families-have bad password practices. Passwords for Google Classroom accounts are often derived from usernames. That password is then reused when signing up for other online accounts. This violates three of the most important rules of protecting online privacy and identity. From Krebs on Security:

  • Do not use your network username as your password.
  • Avoid using the same password at multiple Web sites.
  • Never use the password you’ve picked for your email account at any online site: If you do, and an e-commerce site you are registered at gets hacked, there’s a good chance someone will be reading your e-mail soon.

In that piece, I include several selections from the Smart Girl’s Guide to Online Privacy by @violetblue. Check out Chapter 10, “I Hate Passwords”, of this well-respected and widely-recommended book.

Privacy and Passwords

Living Privately. - Building and maintaining a sense of what to show in each social environment. - Discovering and creating new environments in which we can show more of ourselves. - Assessing where you can grow new parts of yourself which aren’t (yet) for public display.

Source: On Privacy – Human Systems – Medium

K12 classrooms–and most families–have bad password practices. Passwords for Google Classroom accounts are often derived from usernames. That password is then reused when signing up for other online accounts. This violates three of the most important rules of protecting online privacy and identity. From Krebs on Security:

  • Do not use your network username as your password.
  • Avoid using the same password at multiple Web sites.
  • Never use the password you’ve picked for your email account at any online site: If you do, and an e-commerce site you are registered at gets hacked, there’s a good chance someone will be reading your e-mail soon.

xkcd explains the dangers of password reuse.

“Password reuse is what really kills you,” says Diana Smetters, a software engineer at Google who works on authentication systems. “There is a very efficient economy for exchanging that information.”

Source: Kill the Password: A String of Characters Won’t Protect You | WIRED

According to security experts, today the industry is dealing with a password reuse crisis. In the past few weeks, account breaches have been reported by LinkedIn, Tumblr,, Fling and MySpace – bringing the total number of compromised accounts to more than 642 million.

“We know that attackers will go for the weakest link and that is any user who reuses their passwords. It’s a major problem,”

Source: No Simple Fix for Password Reuse

At most schools, student identities are protected by weak passwords trivially derived from usernames and reused everywhere. Once someone gets ahold of your email password, they can reset your passwords elsewhere and pwn your life. When you reuse passwords, a data leak on a forgotten site can be escalated into takeover of your email and your identity.

What to do? The Smart Girl’s Guide to Online Privacy by @violetblue is a great primer on privacy and passwords. Chapter 10, “I Hate Passwords”, is eleven pages of good advice on creating and managing passwords–from which I crib below.

TLDR: Use a password manager and never reuse passwords.

Good passwords

If you decide to use a password manager, these great little apps can generate really strong passwords for you whenever you need one. You can also use password generators on trusted websites, such as LastPass or Norton.

Follow these rules and you’ll get better passwords:

  • Make strong passwords that are at least 12 to 16 characters long.
  • Don’t use pet or family names.
  • Don’t use your address, Social Security number, birth date, or other personal information.
  • Never recycle or reuse a password— not even once.
  • Don’t let Chrome, Firefox, Safari, or any other browser save passwords for you.
  • Use password phrases (usually six or more words long) for the best security.
  • Include capital letters, numbers, and symbols if the app or site allows it.

Source: Smart Girl’s Guide to Online Privacy

But the best passwords are those generated by password managers.

Even better is to use random unmemorable alphanumeric passwords (with symbols, if the site will allow them), and a password manager like Password Safe to create and store them.

Source: Choosing Secure Passwords – Schneier on Security

Password managers

Password managers like LastPass and 1Password save all of your passwords safely in a vault and encrypt everything. That way, you have them all in one place, no one can accidentally discover them, and you can make really complicated passwords, because the manager will keep track of them (and remember them) for you. You use one master password to unlock the password manager, and it saves and encrypts your passwords either locally or on its site. Most of these applications also have crazy-awesome password creators that you can and should use to generate super-strong new passwords with one click— and the password app automatically saves them for you.

Source: Smart Girl’s Guide to Online Privacy

The penny first dropped for me just over 7 years ago to the day: The only secure password is the one you can’t remember. In an era well before the birth of Have I Been Pwned (HIBP), I was doing a bunch of password analysis on data breaches and wouldn’t you know it – people are terrible at creating passwords! Of course, we all know that but it’s interesting to look back on that post all these years later and realise that unfortunately, nothing has really changed.

The strength of most passwords is terrible. Then they get reused. Everywhere. That post was my own personal wakeup call; it was the very point where I observed that what we all needed to do was to “liberate ourselves from the tyranny of passwords”, as I said at the time, and that’s precisely what I did: I went and bought 1Password and I’ve been using it every single day since across all my devices.

Source: Troy Hunt: Have I Been Pwned is Now Partnering With 1Password

I use 1Password to generate passwords. You can adjust the password recipe to accommodate any site’s password rules. Here’s the recipe I usually use.

That’s 50 characters of random, which makes for a good password. Most sites will accept 50 characters, but there are still plenty out there that balk at passwords over 8, 10, 15, or 20 characters in length. Banks, unfortunately, are known for their short password limitations (and crufty password advice). I start at 50 and work my way down. “Complexity is nice, but length is key.” Go for long passwords.

Update: The NIST recently announced new password rules that recommend sites allow a maximum length of at least 64 characters. 1Password updated its password generator to support a 64 character maximum.

When choosing a password manager, get one that runs on all of the devices you use. I’ve used 1Password for years. It offers iOS, Android, Windows, and Mac clients. It can sync your passwords between devices via iCloud or Dropbox. If you need to share passwords among family or team members, check out 1Password for Families or 1Password for Teams. My family uses 1Password for Families. In addition to personal vaults for everyone, we have a vault shared amongst the whole family for streaming video and audio accounts. My wife and I have a shared vault for bank, medical, insurance, and other household accounts. Having log in information for all joint accounts in a shared vault improves our family’s bus factor.

How passwords are stolen

Massive data breaches are not the only threat. Be wary of shoulder surfing and social engineering.

There are simpler ways to get your password though. One is shoulder surfing, where someone watches over your shoulder as you enter your password on your computer or phone while you’re logging in on the bus or plane or at a café. Social engineering is another way that you can have your passwords stolen. Basically, social engineering involves attempts to con you into telling someone your passwords. The person conning you might call you and pretend that they’re tech support for Gmail, telling you that you have email stuck somewhere and they need your password to log in and free it up. They might know the names of your friends or colleagues, as well as their phone numbers and email addresses— all of which they can find online via social media sites like LinkedIn, Facebook, Twitter, and people-search sites. Malicious people can also use information they find about you on Facebook and other sites to correctly guess the answers to password-reset questions.

Threat model

Be realistic about your threat model. State-sponsored surveillance and hacking aren’t in the thread model of most families. Protect yourself from the much more real threat of phishing by using a password manager, unique passwords, and two factor authentication.

Sharing passwords

Here’s one thing to know: if a teacher, boss, TSA agent, police officer, or anyone else tells you that you have to give them your password, you shouldn’t do it unless you know it’s against the law not to.

If you share an account with friends or family, do it the smart way. Don’t use a password that you use anywhere else. Treat the shared account like any account that can get attacked, but know that its security is weaker than that of an account that you have total control over because it has a shared password. Don’t connect that shared account to any other accounts; otherwise an attacker could use that connection to get into those accounts.

When sharing passwords with family, consider using a password manager that accommodates shared vaults. Though I haven’t used them, there are also tools for sharing streaming video accounts.

Surveillance, privacy, data ethics, and trust

“In the educational domain we see a lot of normalisation of designing computers so that their users can’t override them. For example, school supplied laptops can be designed so that educators can monitor what their users are doing. If a school board loses control of their own security or they have bad employees, there’s nothing students can do. They are completely helpless because their machines are designed to prevent them from doing anything.”

“We have this path of surveillance that starts with prisoners, then mental patients, refugees, students, benefits claimants, blue collar workers and then white collar workers. That’s the migration path for surveillance and students are really low in the curve. People who work in education are very close to the front lines of the legitimisation of surveillance and designing computers to control their users rather than being controlled by users,” Doctorow says.

Surveillance in education can also interfere with the educational process, he says, because “nobody wants to be seen fumbling. When you are still learning, you don’t want to feel like you are being watched and judged.” Doctorow adds that, due to their lack of power, students have limited options to take control of their learning and the digital tools they use.

“I talk to students, often younger students, who say they don’t worry about surveillance because they know how to block it out; they use a proxy or something else. But, first of all, those students can get in a lot of trouble for it. In America, they could actually be committing a crime and they could go to jail for it. It also doesn’t solve the overall problem; it only solves it for them. So I’ve often said to students that rather than breaking the rules, they document the absurdity of the rules and demand that adults account for it.”

“The censorware companies mostly work in the Middle East in repressive regimes who buy it on a mass scale to try to control the flow of information in their countries. Students should contact journalists, the school board and the parents’ association and ask why they are giving money that was meant to be for their education to war criminals who spy on us.”

Source: “Peak indifference”: Cory Doctorow on surveillance in education | OEB Newsportal

Handing over data, often quite thoughtlessly, has become par for the course – in education and in society more generally. Although privacy experts have urged parents and educators to be more proactive about protecting children’s data and privacy) – while using Pokémon Go and other data-hungry apps – we now live in a culture of surveillance, where data collection and data extraction have become normalized.

Surveillance starts early. “Quantified babies” and “Surveillance Barbie” and such. Rather than actively opting children out of a world of tracking and marketing, parents increasingly opt them in – almost always without their children’s consent.

Many of us have become quite lackadaisical about the data we share. “It doesn’t matter.” “I have nothing to hide.” Schools, operating under longstanding mandates to track and to measure as much as possible, have been more than willing to expand the amount and types of data they’re collecting on students. Fears of FERPA are frequently stoked to stymy certain projects – perhaps unnecessarily in some cases – but schools have not always been cautious about who has access to student data.

Has our confidence that we or our students have “nothing to hide” changed now under President-Elect Trump?

Surveilling students, so we’re told by this sort of ed-tech futurist PR, will help instructors “monitor learning.” It will facilitate feedback. It will improve student health. It will keep students on track for graduation. It will keep schools safe from violence. It will be able to ascertain which student did what during “group work.” It will identify students who are potential political extremists. It will identify students who are suicidal. It will offer researchers a giant trove of data to study. It will “personalize education.” (More on this in the next article in this series.) Tracking biometrics and keystrokes will make education technology more secure. (Spoiler alert: this is simply not true.)

“Big Brother is coming to universities,” The Guardian pronounced in January, although arguably this culture of surveillance has been a part of education for quite some time. But undoubtedly new digital technologies exacerbate this. The monitoring of students is undertaken to identify “problem behaviors” and in turn to provide a revenue source for companies willing to monetize the data they collect about all sorts of student behaviors. “Enabled by Schools, Students Are Under Constant Surveillance by Marketers,” as the National Education Policy Center cautioned in May.

Under surveillance by marketers. Under surveillance by companies. Under surveillance by schools. Under surveillance by police. Under surveillance by governments. Under surveillance by gadgets. Under surveillance when they use school software. Under surveillance when they use social media. And again, it’s all justified with a narrative about “success” and “safety.”

Source: Top Ed-Tech Trends of 2016: Education Technology and Data Insecurity


More reading