Privacy Basics: Passwords, Tracking, and Data Retention | Passwords

Testing Password Strength

Made by Stacy Martin, Senior Data Privacy Manager at Mozilla.

Develop your own strong passwords, and avoid weak ones, by using an online "password meter" and learning about security.

45 minutes

  • Introduction

    What makes a password strong? What makes one weak? First, you'll learn what not to do when making a password by looking at annual lists of leaked password data. Then you'll learn how to test a password's strength using online "password meters."


  • 10

    Evaluate Weak Passwords

    Check SplashData’s annual lists of the top 25 worst passwords, compiled from more than 3.3 million leaked passwords during each year (2014, 2013, 2012, 2011). What do you notice about these bad passwords? How many are just numbers? How many use a favorite sport or team? Which use names, animals, or superheroes? How long are these passwords?

  • 15

    Create a Bad Password Collage

    Create your own bad password collage, using Dr. Lorrie Cranor's password quilt, password dress, password fabric, or password tie as inspiration.

    Which bad passwords did you include? What weak password habits do they remind you to avoid?

    After you finish your collage, share it with your friends to help raise awareness of bad passwords.

  • 10

    Reflect on Weak Password Habits

    Brainstorm a list of things to avoid when creating a strong password. Use the questions below and what you've learned from SplashData's worst passwords lists. Remember, it's important to avoid passwords that are easy to guess or figure out because they:

    • Only use numbers.
    • Use personal information about you that can be found online.
    • Use the names of popular sports teams.
    • Use people's names.
    • Use animals' names.
    • Use superheroes' names.
    • Use only a few characters.
    • Would it be a good idea to use a password named after the product for which it's used? Why or why not?
    • Would it be a good idea to use your own name, birthdate, birth year or other obvious words someone who knows you could guess (the name of your husband, child, cat)? Why or why not?
    • Would it be a good idea to use popular names, simple numeric patterns, sports, sports teams, famous athletes, car brands, film names, book quotes and song lyrics? Why or why not?
    • Is it a good idea to use the same username/password combination for multiple websites? Why or why not?
  • 10

    Test Passwords with an Online Password Meter

    Now use an online password meter to test the strength of the passwords from SplashData's worst passwords lists. How did they score? Create some new, stronger passwords, using what you've learned about things to avoid, and test those. Which types of passwords seem to be strongest? What makes them strong? If you're working with a group, discuss and compare your findings.
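
The weak habits listed under "Reflect on Weak Password Habits" can also be checked offline, so no password is sent to a website. The checker below is an added example, not part of the original activity or of any online meter; its word lists are small constructed samples, and the 12-character threshold and the function names are assumptions.

```python
import re

# Constructed sample word lists for illustration only; a real checker would
# load much larger lists, such as a full worst-passwords list.
COMMON = {"password", "123456", "qwerty", "letmein", "iloveyou"}
NAMES = {"michael", "jennifer", "ashley"}
ANIMALS = {"monkey", "dragon", "tiger"}
SPORTS = {"football", "baseball", "soccer", "hockey"}
SUPERHEROES = {"batman", "superman", "spiderman"}
MIN_LENGTH = 12  # assumed threshold for "only a few characters"


def weak_habits(password, personal_info=(), product=""):
    """Return the weak habits from the activity that this password shows."""
    pw = password.lower()
    # Strip digits and symbols so "batman123" still matches "batman".
    letters = re.sub(r"[^a-z]", "", pw)
    found = []
    if pw in COMMON:
        found.append("on a worst-passwords list")
    if password.isdigit():
        found.append("only numbers")
    if len(password) < MIN_LENGTH:
        found.append("only a few characters")
    for label, words in (("person's name", NAMES), ("animal", ANIMALS),
                         ("sport or team", SPORTS), ("superhero", SUPERHEROES)):
        if any(w in letters for w in words):
            found.append(label)
    # Personal details (name, birth year, pet) that someone could look up.
    if any(p and p.lower() in pw for p in personal_info):
        found.append("personal information")
    if product and product.lower() in pw:
        found.append("named after the product")
    return found


def reused(accounts):
    """Given {site: (username, password)}, return groups of sites sharing a login."""
    seen = {}
    for site, pair in accounts.items():
        seen.setdefault(pair, []).append(site)
    return sorted(sorted(sites) for sites in seen.values() if len(sites) > 1)
```

An empty list from `weak_habits` only means none of the listed habits was detected; it is not a strength score.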