Password Selection

Overview

Students will learn about good practices in selecting passwords, the dangers of weak passwords or sharing passwords between sites, and how to use password managers.

Purpose

Passwords are the way we access the majority of our information and online accounts. The passwords we use are often weak in a way that would allow hackers to guess them or we use the same password on multiple accounts. If one of those accounts is compromised, then our password to other sites is exposed.

Best practices in password selection include selecting a different password for each account and ensuring that the password is sufficiently difficult for a hacker to guess or bruteforce attack.

Objectives

Students will be able to:

• Identify best practices in password selection.
• Use a password manager for management of the multiple passwords.
• Identify good and bad passwords.

Preparation

Links

• For the Teacher
  • https://en.wikipedia.org/wiki/Password_cracking
• For the Students
  • How Secure is my Password
  • https://www.security.org/how-secure-is-my-password/
  • https://password.kaspersky.com/
  • http://www.passwordmeter.com/

Vocabulary

Teaching Guide

Getting Started:

How to pick a good password (video)

• https://www.youtube.com/watch?v=3NjQ9b3pgIg

• Discussion of Password selection… how am I hacked through my password?

Activity

Look at password managers. In Groups of 4, register, install and USE the password manager.

Password Managers:

• LastPass
• Dashlane
• KeePass
• Sticky Password
• 1Password
• RoboForm

Create a PowerPoint to present to the class.

• Explain how each works and whether you’d recommend it or not.
• Is there a mobile version?
• Does it cost money?
• What is it’s strengths / weaknesses?

Two-Step Verification:

• Gmail:
  • https://www.youtube.com/watch?v=zMabEyrtPRg
  • https://www.cnet.com/how-to/how-and-why-to-use-two-factor-authentication/

Activity

• Password Cracking (video):
  • https://www.youtube.com/watch?v=7U-RbOKanYs
• Download the password cracker and the three “encrypted” files.
  • PasswordCracker.py
  • LockedFile1.py
  • LockedFile2.py
  • LockedFile3.py

Discussion:

• How does two-factor authentication make you safer online?
• What are potential problems with two-factor passwords?
• What would I tell my friends or family to do to make their passwords more secure?

Wrap-up

Ted Talk: - http://www.ted.com/talks/lorrie_faith_cranor_what_s_wrong_with_your_pa_w0rd

Assessment Questions

• How am I currently vulnerable to password attacks?
• What can I do to make my passwords more secure?
• List steps you actually plan to use to increase the security of your password.

Extended Learning

EFF Passwords Lesson

• https://sec.eff.org/topics/passwords
• https://sec.eff.org/topics/password-managers EFF Two-Factor Authentication Lesson
• https://sec.eff.org/topics/two-factor-authentication

Standards Alignment

Indiana - CS3S-1.3

License

Cyber Security Curriculum is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.