Weak authentication practices that rely on passwords for security have led to widespread data breaches and successful phishing attacks. Recent advances in the cost and usability of hardware security tokens have made the prospect of effectively augmenting password-based authentication or removing it altogether a possibility. To actualize this, a paradigm change in how people learn to authenticate accounts on-line must occur. Towards this end, we describe a curriculum to teach high-school students the perils of passwords and a program to distribute hardware security tokens to them as they are first setting up their on-line presence in order to improve the security of the next generation
