Section 1. Reading the Web


Bad Password Collage

Made by Stacy Martin and the Mozilla Privacy Team. Remixed for Clubs by Mozilla.

Test the strength of passwords using tools called password meters. Learners will look at annual lists of the top 25 worst passwords, compiled from more than 3.3 million leaked passwords during each year and make a collage of what to avoid when creating a password.

30 - 45 minutes

  • Preparation

    Do the activity on your own to become familiar with it.

  • 5
    min

    Check the top 25 worst passwords

    Check SplashData’s annual lists of the top 25 worst passwords, compiled from more than 3.3 million leaked passwords during each year ( 2014, 2013, 2012, 2011). What do you notice about these bad passwords? How many are comprised of numbers only? How many use a favorite sport or a favorite team? How about names, animals, or superheroes? How long are they?

  • 5
    min

    Discuss how to avoid bad passwords

    Discuss and brainstorm a list of things to avoid when creating a strong password. Use the questions below and what you've learned from SplashData's worst passwords lists.

    • Should you use a password named after the product for which it's used? Why or why not?
    • Should use your own name, birthdate, birth year or other obvious words someone who knows you could guess (the name of your husband, child, cat)?
    • What about using popular names, simple numeric patterns, sports, sports teams, famous athletes, car brands, film names, book quotes and song lyrics? Why or why not?
    • Should you use the same username/password combination for multiple websites? Why or why not?

  • 10
    min

    Make a strong password

    Now use a password meter, such as passwordmeter.com, howsecureismypassword.net, or yetanotherpasswordmeter.com, to test the strength of the passwords from SplashData's worst passwords lists. How did they score? Create some new passwords, using what you've learned about things to avoid, and test those. Which types of passwords seem to be strongest? What makes them strong? Discuss and compare findings with the group.

  • 25
    min

    Make a Bad Password Collage

    Offline (or online) activity: Get inspiration from Dr. Lorrie Cranor's password quilt, password dress, password fabric, or password tie.

    Using paper and markers, or any other medium you wish, have learners document bad password practices by making a bad password collage.

    Lorrie Cranor