Privacy Basics: Protect Your Data | Create Secure Passwords

• Preparation

  Learning Progression

  In this lesson, your learners will:

  1. Create strong passwords using the passphrase method.
  2. Create strong passwords using the 8- and 16-character methods.
  3. Create strong passwords using the diceware method.
  4. Test the strength of their newly created passwords.
  5. Reflect on their learning.

  ---

  You should...

  Do each part of the lesson on your own to see how it works.

  Make sure learners have a lot of scratch paper or space to generate passwords and pass phrases during the lesson. Also, remind them throughout the lesson that they shouldn't keep any of the passwords or pass phrases they create today since they are making them in a group.

  Instead, remind learners to remember the methods they used to make strong passwords and pass phrases today so they can create their own in private.

• Create a Pass Phrase Inspired by xkcd

  10 minutes

  Visit this blog post by Jeff Preshing. Review the comic from xkcd in the post to show your learners how pass phrases work. Explain that pass phrases can be used as secure passwords ebcause they are hard to guess and easy to remember.

  

  A pass phrase is a password made of several common words. Again, the big idea is that pass phrases made of common words are easy to remember, but hard to guess, whereas more complex passwords made of letters, numbers, and symbols are easier to guess and harder to remember.

  After you remind your learners of that big idea, have them use the pass phrase button on the blog post to create 3-5 new pass phrases from the set of 1949 words Preshing used for the site. Ask learners to write down or otherwise record those pass phrases so they can use them later in the activity.

  

  Remind your learners not to use any of these passwords in the future, but to remember that pass phrases are very secure because they are easy for you to remember, but difficult for others to guess.

• Create a Pass Phrase with Diceware

  20 minutes

  Next, ask learners to download and open this Diceware list of words by visiting that link and choosing to save the file to their desktops or document folders. You can shorten the link and post it in a highly visible place in your classroom, or you can paste it into a shared doc, or your can use whatever means of sharing works best for your learners.

  Learners can open the file using a program like Notepad (on a PC) or TextEdit (on a Mac).

  The file is a huge list of words that correspond to 5-digit numbers. Learners will roll five dice at a time to create a number, reading the dice from left to right to create their own 5-digit numbers.

  For example, a roll of 1, 2, 2, 5, and 6 would be read as "12256" and correspond to the word "ankle" in the word list.

  Then learners will find the word attached to each of their numbers and repeat the process until they have 4 pass phrases made of 4 words each.

  Ask learners to record their Diceware pass phrases along with their xkcd-inspired pass phrases from the last section.

  The instructions for generating passwords with Diceware can be found here and are much more privacy-focused than the ones you'll ask your learners to follow in this lesson.

  Remind learners not to use the Diceware pass phrases they make in class today, but to use Diceware to create their own pass phrases in private.

• Create Basic 8 and Basic 16 Passwords

  10 minutes

  Finally, invite learners to create 8- and 16-character passwords made from memorable sentences.

  First, have each learner write or otherwise record a sentence that has any combination of 8 words, numbers, and punctuation marks like:

  Yesterday, I was 5 minutes late.

  Then ask learners to take the first letter of each word, any punctuation marks, and any numbers to create a password by putting those characters in the same order they have in the sentence. For example, the sentence above would become:

  Y,Iw5ml!

  A 16-character password might come from a sentence like this:

  Last year, I got an A in every class except for the worst 2.

  And look like this:

  Ly,IgaAieceftw2.

  Ask learners to create 2 passwords with 8 characters and 2 passwords with 16 characters using this method. Also ask them to record these passwords with the others they created during the lesson.

• Test Your Creations

  10 minutes

  Invite your learners to revisit the password meters you used in the Bad Password Collage lesson. Use any of the following:

  • passwordmeter.com
  • howsecureismypassword.net
  • yetanotherpasswordmeter.com

  Remember to post these links in a highly visible place or give them to learners on a shared document or handout, or share them in any way that works best for your learners.

  Then, ask your learners to test each of the passwords they made during today's lesson. Have each learner use the same password meter to test each of their passwords for consistency's sake. Ask learners to write down or record each password's score, as well.

  Once a learner has tested each of their passwords, they should write down or otherwise record which method created the strongest set of passwords.

  Remind learners that they used these methods:

  • Random pass phrase generation from a list of 1949 words.
  • Diceware pass phrase generation.
  • Basic-8 and Basic-16 password generation.

  They should also write down or otherwise record which set of passwords they think were easiest to remember.

• Reflection and Assessment

  10 minutes

  Finish the lesson by facilitating a brief, reflective discussion about ways to create secure passwords for learners' online accounts. Use questions like those below or come up with your own. You may collect learners' responses for the purposes of assessment, but be sure to do so using technologies that offer your learners their fullest range of expression.

  Also, remind learners one more time not to use any of the passwords they made today as part of your group. They should instead pick a method for creating secure passwords and use it in private to generate passwords for their accounts.

  • Which methods seemed strongest to you? Why? What made those passwords so secure?
  • Which methods seemed easiest to remember to you? Why?
  • In your own words, how might you explain one of our password creation methods to a friend or family member?
  • What might some of the weaknesses be of the methods we used today?
  • Why might it be important to you to have secure passwords for your accounts? Why should we bother to create strong passwords in the first place?

  Curious to learn more about strong online safety habits? Check out this Privacy & Security Toolkit.

  Next activity→Data Trail Timeline

• 7. Optional: Badging

  You will learn about pronounceable and random passwords using a password generators. You will find out what you can do to create better passwords, and explore different types of passwords to learn about their pros and cons while learning how to protect yourself online.

  Steps to complete this task:

  1. Go to this xkcd-inspired password generator to create and document four passwords for the purposes of this activity. (Don't ever use the passwords for other purposes. Make your own in private later.)
  2. Use the Diceware instructions here to create and document four more passwords.
  3. Use the instructions here to make and document two Basic-8 passwords and two Basic-16 passwords.
  4. Test each passphrase or password using a password meter such as passwordmeter.com, howsecureismypassword.net, or yetanotherpasswordmeter.com.

  Evidence:

  Write a one-paragraph reflection of which password creation method you think is strongest and most memorable and explain why.

  21st Century Skills:

  If you successfully complete the above, you will practice the following skills:

  • Problem solving

  The skills that you have learned through this activity can be recognized and validated by earning credentials or badges.

  Through a partnership with the Open Badges Academy (OBA), you can earn over 15 Web Literacy and 21st Century Skills credentials or badges. Once you earn them, you can share the credentials/badges via your social media or resume or use them to connect with others.

  If you are interested in applying for badges, visit the OBA and/or reach out to Matt Rogers or DigitalMe to schedule a demonstration.