PBS KIDS: Building a login system for kids and teens in Python

Type:
Talk
Audience level:
Novice
Category:
Industry Uses
March 9th 10:50 a.m. – 11:30 a.m.

Description

Our challenge was to create a login system for little people who might barely read, maybe no email, perhaps no home computer. And we had to watch out for privacy laws - especially tough for minors. But these kids want to play games, write stories, and create online avatars to share and compete against their buddies. Listen to how we developed the PBS KIDS login and moderation system in Django.

Abstract

PBS KIDS website overview

  • Types of games and activities online
  • Stats - 1.5 millions video streams a day

Who comes to PBS KIDS?

  • Ages 2-17
  • Some don't have a home computer
  • Generally divided into two age groups

Why do we need a login system?

  • Humans like to see progress
  • Competition with friends
  • User generated content

Challenges

  • Children's Online Privacy Protection (COPPA) -- Cannot store emails -- No personally identifing information
  • Additional standards we hold ourselves to -- Foul language

How this is different than other login systems

  • No emails
  • No password recovery by email
  • No complex questions
  • No Mother's maiden name or high school mascot questions

Moderation

  • Every username and user generated content must be moderated
  • Time committment
  • Cannot be automated, but automation can help

Our solution - Picking a username

  • Namespace collisions
  • Alternate suggestions

Passwords

  • Research about password length and memory retention

Secret Code

  • Using visual representation instead of questions
  • Security integrity: size of brute force search space

How to remember

  • Cookies are set, but watch out for public computer
  • Messaging and instructions

Architecture

  • System loads and configuration
  • Python/Django custom implementation
  • Performance statistics

Moderation

  • Django adminstration
  • Implications on how to handle un-moderated content

More

  • Compatible with PHP, Flash, Ruby
  • Cross site login challenges