Do you have your own email or social media accounts? If so, you probably use a password to log into them. How did you pick your password? Is it something that might be easy for someone else to guess, like the name of your pet? This fun activity will teach you about password security and how to pick a stronger password.
This activity is not appropriate for use as a science fair project. Good science fair projects have a stronger focus on controlling variables, taking accurate measurements, and analyzing data. To find a science fair project that is just right for you, browse our library of over 1,200 Science Fair Project Ideas or use the Topic Selection Wizard to get a personalized project recommendation.
Imagine a suitcase lock with three number wheels on it. Each wheel contains digits 0-9, so you can pick any three-digit number as the combination. Since each wheel has 10 digits, there are 10x10x10 = 1,000, or 10^3, possible combinations. If you add a fourth wheel, now there are 10x10x10x10 = 10,000, or 10^4, possible combinations. What if you used the letters a-z instead of numbers 0-9 for the three-wheel lock? Then there would be 26 characters for each wheel, so there would be 26x26x26 = 17,576, or 26^3, possible combinations. Adding more digits, or more characters per digit, greatly increases the number of possible combinations. This makes it very difficult for a human to guess the combination.
However, computers can try to guess passwords much faster than a human can guess a physical lock combination. A fast computer can try to guess millions of passwords per second. That is why passwords should usually be long (at least 8 digits) and made up of different types of characters including numbers, symbols, and upper and lowercase letters. A short password made only of lowercase letters might be very easy for a computer to guess. This activity will demonstrate how shorter passwords made up of fewer types of characters are easier to guess than longer passwords with more characters. Since humans will be doing the guessing, the passwords will be very short (just one or two digits), but remember that real-life passwords should be much longer.
Also note that there are other general password safety rules that you should follow. Just because a password is long and mixes letters and numbers does not mean it won't be easy to guess. For example, your name followed by your birthday could be easy for someone who knows you to guess. There are also many commonly used passwords like "password", "qwerty" or "123456789" that you should avoid. Do a web search for "most common passwords [year]" where [year] is the current year (e.g. 2015) and you should be able to find a list of this year's most common passwords.
Extra: Keep a tally mark of how often each type of password is guessed, and make a graph of your results. Which type of password is guessed the most often? The least often? To get enough data for a good graph, you might need to do more duels with your opponent, or get other people to join and collect all the data.
Extra: Try the activity with other rules for passwords. For example, what if someone is allowed to pick a number 0-9 or a letter a-z? What about a two-digit password made of numbers or letters (for example, "a7")? Pit different combinations of password rules against each other in duels, and keep track of all your results.
Observations and Results
You should find that passwords with fewer total possibilities are easier to guess than those with more possibilities. For example, in the first matchup where one person thinks of a number 0-10 and the other person thinks of a letter a-z, the person with a number 0-10 will usually (but not always) "lose" the duel. Depending on how quickly you guess back and forth, each duel should take less than a minute.
Because of the random nature of guessing, it is important that you do enough duels to see this trend, which is why we suggest doing at least 10 of each type of duel. If you only do a couple of duels, there is a higher chance that one person will "get lucky" and guess the other person's password, even if that person has the more difficult password type. As an analogy, think about flipping a coin: if you only flip a coin twice, there is a relatively high chance that you will get two heads or two tails. However, if you flip a coin 1,000 times, your results should be very close to 50/50.
You should find that very short (1 or 2 digit) passwords work best with this activity for young students. Longer passwords (3 digits or more) have so many possibilities that they generally take a very long time for a human to guess, so students may lose interest in the activity. For a computerized version of the activity, see the "More to explore" section.
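A computerized version of the first matchup (a number 0-10 against a letter a-z), added here as an example and not part of the original activity. It assumes duel rules not spelled out above: guesses alternate, nobody repeats a guess, and a coin flip decides who guesses first; the function names are illustrative.

```python
import random
import string
from fractions import Fraction

NUMBERS = [str(n) for n in range(11)]    # "a number 0-10": 11 possible secrets
LETTERS = list(string.ascii_lowercase)   # "a letter a-z": 26 possible secrets

def exact_win_probability(own_space, opponent_space):
    """Chance that the player whose secret comes from own_space wins a duel.

    Assumed rules: guesses alternate, nobody repeats a guess, and a coin
    flip decides who guesses first.
    """
    n, m = len(own_space), len(opponent_space)
    # The player needs i guesses (uniform on 1..m); the opponent needs j (1..n).
    first = sum(1 for i in range(1, m + 1) for j in range(1, n + 1) if i <= j)
    second = sum(1 for i in range(1, m + 1) for j in range(1, n + 1) if i < j)
    return Fraction(first + second, 2 * n * m)

def play_duel(own_space, opponent_space, rng):
    """Simulate one duel; return True if the own_space player wins."""
    my_secret = rng.choice(own_space)
    their_secret = rng.choice(opponent_space)
    # A shuffled copy of the opponent's space is the order of guesses.
    my_guesses = rng.sample(opponent_space, len(opponent_space))
    their_guesses = rng.sample(own_space, len(own_space))
    my_turns = my_guesses.index(their_secret) + 1
    their_turns = their_guesses.index(my_secret) + 1
    i_go_first = rng.random() < 0.5
    # Whoever guesses first wins when both need the same number of turns.
    return my_turns <= their_turns if i_go_first else my_turns < their_turns

def win_rate(own_space, opponent_space, duels, seed):
    """Fraction of `duels` simulated duels won by the own_space player."""
    rng = random.Random(seed)
    wins = sum(play_duel(own_space, opponent_space, rng) for _ in range(duels))
    return wins / duels

if __name__ == "__main__":
    exact = exact_win_probability(NUMBERS, LETTERS)
    print(f"number player wins with probability {exact} = {float(exact):.3f}")
    # Ten duels (the activity's suggested minimum) versus many duels.
    for seed in range(5):
        print(f"  10 duels, run {seed}: {win_rate(NUMBERS, LETTERS, 10, seed):.0%}")
    print(f"  100,000 duels: {win_rate(NUMBERS, LETTERS, 100_000, 0):.3f}")
```

Comparing the five 10-duel runs with the 100,000-duel run shows the same small-sample effect as the coin-flip analogy.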
More to Explore
Ben Finio, PhD, Science Buddies
Cybersecurity, internet safety, privacy