Bad Password Collage
Test the strength of passwords using tools called password meters. Learners will look at annual lists of the top 25 worst passwords, compiled from more than 3.3 million leaked passwords during each year and make a collage of what to avoid when creating a password.
30 - 45 minutes
Do the activity on your own to become familiar with it.
Check the top 25 worst passwords
Check SplashData’s annual lists of the top 25 worst passwords, compiled from more than 3.3 million leaked passwords during each year ( 2014, 2013, 2012, 2011). What do you notice about these bad passwords? How many are comprised of numbers only? How many use a favorite sport or a favorite team? How about names, animals, or superheroes? How long are they?
Discuss how to avoid bad passwords
Discuss and brainstorm a list of things to avoid when creating a strong password. Use the questions below and what you've learned from SplashData's worst passwords lists.
- Should you use a password named after the product for which it's used? Why or why not?
- Should use your own name, birthdate, birth year or other obvious words someone who knows you could guess (the name of your husband, child, cat)?
- What about using popular names, simple numeric patterns, sports, sports teams, famous athletes, car brands, film names, book quotes and song lyrics? Why or why not?
- Should you use the same username/password combination for multiple websites? Why or why not?
Make a strong password
Now use a password meter, such as passwordmeter.com, howsecureismypassword.net, or yetanotherpasswordmeter.com, to test the strength of the passwords from SplashData's worst passwords lists. How did they score? Create some new passwords, using what you've learned about things to avoid, and test those. Which types of passwords seem to be strongest? What makes them strong? Discuss and compare findings with the group.