Melissa asked me for her own account on my computer a few days ago. This is significant to a geek such as myself, because I run an almost-exclusively Linux box. I asked her why, and she said she likes some of the programs on my computer, and she wants her own account.
When I asked why the family-access account wasn't good enough, she said that Tatiana has her own account, and she'd like to be able to have her own stuff, just like Tatiana. I interpreted this to mean not just desktop preferences, but also private content. This led to a discussion of computer privacy, and therefore directly to passwords.
Naturally, I first disclosed that I had access to all the accounts on my computer. This shocked both of them. We discussed the evolution of multi-user systems, the assignment of the original system operator responsiblities to the kernel, and the need for a single user that could modify and configure the system. I informed them that, since I knew what I was doing, I was the superuser, and my responsibilities made it necessary for me to be able to access their accounts without using their passwords.
Then I warned Tatiana that her password was so easy to guess, I didn't even have to circumvent it. She wasn't convinced, but Melissa was intrigued. She started with the simplest social engineering imaginable: she asked me what Tatiana's password was.
I refused to disclose it. But I did discuss the idea of password cracking with her. We started designing a program to guess people's passwords. When we got to the part that revealed Tatiana's password, she started getting agitated. She asked me how to change her password. I told her I'd show her, if she asked me when the computer was available. By the time it was over, we had all figured out two good ways to generate passwords that would be hard for our program to guess. And Melissa was intent on cracking my account, even after I told her that my account was no different from hers, and what she really wanted was to crack the "root" account.
The next day, Melissa cracked Tatiana's account. No programming required, of course. I made Melissa her own account right away. Since I didn't want to teach them how to use "passwd" from the console, I also used "aptitude install usermode" to provide a simple menu option that would allow them to change their passwords.
Both of them took advantage of it immediately. Melissa's password is about 30 characters long. I tried to warn her, but as long as she's comfortable with it, I'm fine. And it would be hard for our program to guess, if I ever get around to programming it with her.