Lesson plan; Understanding Data Leaks and Password Security

Beyond “Password123”: Creating Strong Passwords in the Digital Age

Objective:
Teach students about the risks of data leaks and the importance of creating strong, unique passwords for online accounts.

Passwords in Schools

Business employees must remember passwords from 80 to 191 to do their job. Let’s take a look at a relevant audience for K-12 education:

• The average teacher has over 100 passwords to keep track of. Some have as many as 200 login credentials.
• School administrators have stronger password and authentication requirements than others because they have more access to confidential student data.

While students don’t have to keep track of quite as many passwords, they do have a few to juggle. Why not teach them the right way to safeguard them early? Source Tcea.org

Introduction:
Begin by discussing the recent RockYou2024 data leak, which exposed 10 billion passwords. Explain how this massive breach highlights the critical need for robust password practices. See more info at Forbes.

Key Concepts:

1. Dangers of Password Reuse: Explain how using the same password across multiple accounts creates a single point of failure.
2. Discuss the concept of credential-stuffing attacks.
3. Creating Strong Passwords
   • Length: Emphasize passwords should be at least 12 characters long
   • Complexity: Combine uppercase and lowercase letters, numbers, and symbols
   • Uniqueness: Stress the importance of using different passwords for each account
   • Avoid using easily guessable information (birthdays, pet names, etc.)
4. Password Management Techniques
   • Introduce the concept of password managers
   • Discuss how to create memorable yet secure passwords using techniques like passphrases.
5. Additional Security Measures
   • Multi-Factor Authentication (MFA): Explain its importance and how it works
   • Regular password updates: Discuss the pros and cons of changing passwords periodically

Useful Resources:

• National Cyber Security Centre’s password guidance: https://www.ncsc.gov.uk/collection/passwords
• Everyday Sense Education’s “Password Power-Up” lesson: https://www.commonsense.org/education/digital-citizenship/lesson/password-power-up
• Have I Been Pwned?: https://haveibeenpwned.com/ (to check if email addresses have been involved in data breaches)

Conclusion:
Reinforce the importance of strong, unique passwords in protecting personal information online. Please encourage students to implement these practices across all their accounts.

Homework:
Ask students to review and improve the security of their online accounts, focusing on creating strong, unique passwords and enabling MFA where possible.

Remember, cybersecurity is an ongoing process. As new threats emerge, it’staying informed and updating your students on the latest security best practices is essential.

Here are some fun activities to teach password security to students:

1. Password Strength Evaluation Game:
   Use online tools like https://howsecureismypassword.net or https://www.experte.com/password-check to have students create example passwords and evaluate their strengths.