To help you create the lesson plan and branching script for your comic about strong passwords, we’ve collected some related information and links to trusted resources. Let’s start with a quick definition:
Q: What is a strong password?
A: A password that resists being discovered by trial and guesswork. Strong passwords help protect individual user accounts and larger hosted systems by preventing unauthorized access.
A longer password (12 characters at a minimum, although 16 or more characters is preferred) is inherently stronger because every additional character increases the number of combinations that must be tried to discover the password. Here are some approaches for implementing strong passwords:
- Adding uppercase and lowercase letters, numbers or special symbols to passwords
- Creating passphrases
- Using randomly generated passwords combined with a password manager
- Enabling two-factor authentication
You will see many of these approaches discussed in more detail in the links below.
Because you never know what someone can discover on social media or what has been leaked through a data breach, personal information should NEVER be part of a password or passphrase. This includes (but is not limited to!) these types of information:
- Birthdays (yours or anyone's in your family!)
- Names of family members or pets
- Address details
- Town where you were born
- Phone number or social security number
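For a classroom demonstration, the length guidance and the personal-information rule above can be combined into one small checker. This is an added example, not code from any of the linked resources; the function names, the sample person and the sample passwords are all constructed for illustration.

```python
import re
import math
import string

MIN_LEN, PREFERRED_LEN = 12, 16  # thresholds stated in the text above
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

def search_space_bits(password):
    """Upper bound on guessing effort in bits: length * log2(alphabet size).
    Only accurate if every character was chosen at random."""
    alphabet = sum(len(cls) for cls in CLASSES
                   if any(ch in cls for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def personal_tokens(facts):
    """Split each personal fact into lowercase tokens of 3+ characters, plus
    the fact with separators removed (e.g. 2011-04-09 -> 20110409)."""
    tokens = set()
    for fact in facts:
        parts = re.findall(r"[a-z0-9]+", fact.lower())
        tokens.update(parts + ["".join(parts)])
    return {t for t in tokens if len(t) >= 3}

def review_password(password, facts):
    """Return (verdict, bits, leaked_tokens) for one candidate password."""
    squashed = re.sub(r"[^a-z0-9]", "", password.lower())
    leaked = sorted(t for t in personal_tokens(facts) if t in squashed)
    bits = round(search_space_bits(password), 1)
    if leaked:
        verdict = "reject: contains personal information"
    elif len(password) < MIN_LEN:
        verdict = "reject: shorter than 12 characters"
    elif len(password) < PREFERRED_LEN:
        verdict = "acceptable: 16 or more characters is preferred"
    else:
        verdict = "good"
    return verdict, bits, leaked

# Constructed sample data: a fictional pet name, birthday, address, birthplace.
FACTS = ["Rex", "2011-04-09", "42 Elm Street", "Springfield"]
if __name__ == "__main__":
    for pw in ["Rex2011!", "rex-loves-springfield",
               "tR7#qLm2v!Xp", "plum kettle orbit mosaic"]:
        print(repr(pw), review_password(pw, FACTS))
```

The bit count is a ceiling rather than a measurement: a passphrase built from dictionary words or a password containing a pet's name is far easier to guess than its length alone suggests, which is why the personal-information check runs first.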
United Kingdom’s National Cyber Security Centre (NCSC)
NCSC has an excellent glossary of common cybersecurity terms and a password security infographic that shows various ways passwords can be discovered (and suggestions on how to improve system security, that is, the reasons behind choices made by system owners).
SANS Institute OUCH! newsletter
This free security awareness newsletter is designed for everyone and published every month in multiple languages. Here are some of the recent newsletters related to strong passwords:
- April 2019 – Making Passwords Simple
- December 2017 – Lock Down Your Login
- September 2017 – Password Managers
- April 2017 – Passphrases
SANS also has a video on Two-Factor Authentication.
Get a broader perspective on related issues at LockDownYourLogin.org.
Another useful resource to be aware of in this context is the website HaveIBeenPwned?, which provides the general public a way to check if their private information has been leaked or compromised. The site’s name is based on script kiddie jargon; the term “pwn” means “to compromise or take control, specifically of another computer or application.”