I live with two computer hackers.

I should have known something would go wrong, with the boys’ crazy-early literacy and computer literacy, and their early crimes. But no, we let them have a linux account for more serious things, and a windows machine for games.

That windows machine quickly got a password applied, when we discovered the brats sneaking down very early in the morning to play. So now they get windows time, after they earn it with schoolwork or something, and when we type in the password – and with a time limit applied. Then lock/suspend, and cycle repeats.

Ever since then, there has been a cat & mouse game in the house. The boys have been trying to sneak a peek at the password, so they could again get some extra time. Some of their schemes have included:

  • looking over the shoulder. This really worked! We’ve gone through a dozen different words / phrases, as the preschoolers / gradeschoolers figured each one out.

  • one brother distracting us, making us look at him, while the other brother looks at our touch-typing hands. I think this one has worked too.

  • getting some hints about the password (a character or two), so as to power a brute-force password guessing program of our joint design. This really worked – but we played along to motivate them to learn python.

  • placing a couple of cameras near the computer keyboards. This really didn’t work, as a camera was on a giant tripod, and the aim point was marked with a big red X in red duct tape on the floor. Did I mention red?

But the last one they came up with was more clever than I thought they were capable of.

To set the stage, the linux and the windows computers are side by side. Both use wireless keyboards. They bring to us the windows box’s keyboard, when they think they deserve it, so we can type in the code. Remember that they have relatively open access to the linux one. Now … how would you cheat your way in?

Darn brats. They came up with two separate methods.

Method one. Bring us the wrong keyboard. We type in the password. Look, it doesn’t work. So a few seconds later the boy runs off, then back with the correct keyboard, “sorry for the mistake!”. We type in the password; look it works now. And of course, the linux machine also has the plaintext password!

Method two. Bring us the right keyboard — but swap the USB RF receiver dongles between the two computers. We type in the password. Look, it doesn’t work. Darn windows machine. “We’ll just fix it another time, go read another book!”. In the mean time, snickering comes from the next room, for again the plaintext password is right there on the linux box.

Things are getting pretty serious around here. I’m worried we’ll have to move to multi-factor authentication on all of our boxes — and that’s not even because of the CIA or ELF or CCCP or GCHQ. It’s because of the brats.