Introduction

What makes a password strong? What makes one weak? First, you'll learn what not to do when making a password by looking at annual lists of leaked password data. Then you'll learn how to test a password's strength using online "password meters."

 

Evaluate Weak Passwords

Check SplashData’s annual lists of the top 25 worst passwords, compiled from more than 3.3 million leaked passwords during each year ( 2014, 2013, 2012, 2011). What do you notice about these bad passwords? How many are just numbers? How many use a favorite sport or team? Which use names, animals, or superheros? How long are these passwords?

Create a Bad Password Collage

Create your own bad password collage, using Dr. Lorrie Cranor's password quilt, password dress, password fabric, or password tie as inspiration.

Which bad passwords did you include? What weak password habits do they remind you to avoid?

After you finish your collage, share it with you friends to help generate awareness of bad passwords.

Reflect on Weak Password Habits

Brainstorm a list of things to avoid when creating a strong password. Use the questions below and what you've learned from SplashData's worst passwords lists. Remember, it's important to avoid passwords that are easy to guess or figure out because they

• Only use numbers.
• Use personal information about you that can be found online.
• Use the names of popular sports teams.
• Use people's names.
• Use animals' names.
• Use superheroes' names.
• Use only a few characters.

Test Passwords with an Online Password Meter

Now use a password meter, such as passwordmeter.com, howsecureismypassword.net, or yetanotherpasswordmeter.com, to test the strength of the passwords from SplashData's worst passwords lists. How did they score? Create some new, stronger passwords, using what you've learned about things to avoid, and test those. Which types of passwords seem to be strongest? What makes them strong? If you're working with a group, discuss and compare your findings.