Draw Secure Passwords
Learn about passphrases, pronounceable passwords, and random passwords using generators. You will find out what you can do to create better passwords, and explore different types of passwords to learn about their pros and cons.
45 minutes – 1 hour
Do the activity on your own to become familiar with it.
Draw a passphrase
Passphrases are random combinations of four common words. They tend to be hard to guess, but easy to remember. (XKCD)
- Try this passphrase generator.
- You can also do this offline by selecting four random common words from the dictionary and putting them together. Discuss what you can do to make sure the words are really random.
- Now try noun, verb, adjective, noun.
- Try Diceware, which provides a list of almost 8,000 English words, each preceded by a 5-digit number. You roll a pair of dice 5 times and add the corresponding word to your passphrase. Repeat several more times to add more words and make your password less crackable.
- Which passphrases are easier to remember? Why?
- Which might be easier to guess? Why?
Draw yourself a picture to help you remember your passphrase. This one is correcthorsebatterystaple. (Aurich Lawson)
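The Diceware lookup and the "are the words really random?" question from the list above, as an added example that is not part of the original activity. The word list is a constructed 36-word sample keyed by two rolls (one die roll per digit of the key), and the function names are illustrative; a full list with 5-digit keys works the same way.

```python
import math
import secrets

# Constructed sample list in Diceware layout (dice key, then word). It is keyed
# by 2 rolls (36 words) to stay short; a full Diceware list uses 5-digit keys.
SAMPLE_LIST = """
11 apple   12 river   13 candle  14 tiger   15 window  16 marble
21 pencil  22 garden  23 rocket  24 violin  25 ladder  26 button
31 cactus  32 hammer  33 island  34 jacket  35 kettle  36 lantern
41 meadow  42 napkin  43 orange  44 pillow  45 quartz  46 ribbon
51 saddle  52 tunnel  53 walnut  54 anchor  55 bottle  56 copper
61 dragon  62 engine  63 feather 64 goblet  65 harbor  66 insect
"""

def parse_wordlist(text):
    """Return {dice_key: word} from whitespace-separated 'key word' pairs."""
    tokens = text.split()
    if not tokens or len(tokens) % 2:
        raise ValueError("wordlist must be non-empty key/word pairs")
    words = dict(zip(tokens[0::2], tokens[1::2]))
    key_len = len(next(iter(words)))
    # Every possible roll sequence needs exactly one word, or lookups can fail.
    if len(words) != 6 ** key_len or any(
        len(k) != key_len or set(k) - set("123456") for k in words
    ):
        raise ValueError("keys must cover every dice sequence exactly once")
    return words

def roll_die():
    """One fair die roll (1-6) from the OS CSPRNG, not the 'random' module."""
    return secrets.randbelow(6) + 1

def draw_passphrase(words, n_words, roll=roll_die):
    """Roll len(key) dice per word and look each key up, as done by hand."""
    key_len = len(next(iter(words)))
    keys = ["".join(str(roll()) for _ in range(key_len)) for _ in range(n_words)]
    return [words[k] for k in keys]

def entropy_bits(list_size, n_words):
    """Bits of entropy when every word is drawn uniformly and independently."""
    return n_words * math.log2(list_size)

if __name__ == "__main__":
    words = parse_wordlist(SAMPLE_LIST)
    print(" ".join(draw_passphrase(words, 4)))
    print(f"sample list, 4 words: {entropy_bits(len(words), 4):.1f} bits")
    print(f"7,776-word list, 6 words: {entropy_bits(6 ** 5, 6):.1f} bits")
```

The entropy figure only holds when the words come from the dice (or the CSPRNG) and are kept as drawn; re-rolling until the phrase "looks nice" or picking words by hand lowers it.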
Remember a pronounceable password
Create a pronounceable password by using this password generator and selecting "pronounceable." These tend to be easy to remember and harder to crack because they do not contain words that can be found in the dictionary. Wait 5-10 minutes (go on to the next step and then come back) and without looking, write the pronounceable password you generated. Were you able to remember it?
Remember a random password
Create a random password by using this password generator and selecting "random." These are harder to crack, but also harder to remember. Wait 5-10 minutes (go on to the next step and then come back) and without looking, write the random password you generated. Were you able to remember it?
Basic 8, Basic 16
Create at least one basic 8 (must have at least 8 characters) password and at least one basic 16 (must have at least 16 characters) password. Discuss and brainstorm a list of good practices when creating strong passwords, using the questions below and what you've learned from the exercises above.
- Should you add one or more digits (numbers)? Did you know that if you put a digit at the beginning of your password, it's better than no digit, but not as good as having a digit in the middle?
- Should you add one or more symbols? Did you know that of 32 symbols, most people use the exclamation point, so if you use a less popular symbol, your password may be harder to guess?
- Should you use a mix of capital and lower case letters? How can this help make your password harder to guess?
- Have you tested the strength of your passwords using a password meter?