Tuesday, February 2, 2016

Learning How to Make (and Remember) GREAT Passwords

While there are lots of ways to protect your personal information online, your first line of defense is a a GREAT password. Unfortunately, many of us have outsourced the work of making a great password to Apple, who just prompts us with an impossible to remember string of symbols and letters. Then we further outsource the job of remembering these passwords to third parties, like LastPass …the password-storage company that got famously hacked last year. Yep, you read that right. Somehow hackers were able to get at the email addresses and encrypted master passwords, as well as the reminder words and phrases that users stored with LastPass to help users remember their master passwords.

Unfortunate events like these remind us how important it is for digital citizens to know how to make (and remember) their own GREAT passwords.

I teach students how to do this in Year 2 of Cyber Civics, at the end of a unit on "Privacy and Personal Information." They learn that a GREAT password should:

               Be at least 8 characters long.
               Include upper and lowercase letters, symbols, and numbers.
               Never include personal information.
               Never include the name of family members, friends, or pets.
               Never include sequences (such as abcde or 12345).
               Never include a dictionary word (unless letters are changed to a number or symbol).
               Be changed regularly (every six months).

But how do you remember the actual password?

This is where many of us struggle because, holy cow, who can remember even a master password? So students are taught to use "mnemonic," or memory device for this task. It works best if it's something they like. For example, one girl chose her favorite artist, Taylor Swift, as her mnemonic. With Swift in mind, she came up with this password:

This password uses the first letter of each word of Swift's hit song, "Shake It Off" (employing both upper and lowercase letters), includes an exclamation point (because it's a great song), and ends with the album title (1989). So by thinking of Swift, this student came up with a GREAT password that successfully incorporates all seven rules, plus it should be easy for her to remember. Additionally, she will be encouraged to change it in six months when she has a new favorite artist, and well before any hacker can figure out what her GREAT password is.

I recently conducted this lesson again, and students came up with these 3 GREAT passwords. The rest of the class had to try to guess who each student's “mnemonic” (or famous person) was and, believe it or not, they were incredibly adept at this activity. Can you guess what famous person inspired these three passwords? (Find answers at bottom).

Today the only password manager we keep can safely rely on lies between our ears, in an unhackable vault that's free to use. Lets teach students how to put it to work.

Password Image courtesy of Stuart Miles at FreeDigitalPhotos.net