## Summary

3rd-5th
Group Size
2 students
Active Time
30 minutes
Total Time
30 minutes
Area of Science
Computer Science
Key Concepts
Cybersecurity, probability
Credits
Ben Finio, PhD, Science Buddies

## Overview

Do your students have their own online accounts like email or social media? What about a login for the school computers? If so, they might have to pick passwords. Have you ever had trouble creating (and forgetting) good passwords? This fun lesson plan involves a guessing game that can teach your students how to make their passwords harder to guess. Learn how to keep your accounts safe!

## Learning Objectives

• Understand that allowing more characters for a password results in more possible combinations for that password
• Demonstrate that a password with more possible combinations is harder to guess

## Materials

• Stopwatch (one for entire class)
• Pencil and paper (for each student)

## Background Information for Teachers

This section contains a quick review for teachers of the science and concepts covered in this lesson.

You might be familiar with the rules most websites require for creating a "strong" password. They typically must be at least 8 characters long, and have various other requirements (for example, you must use at least one uppercase letter, one number, and maybe one symbol). These rules might seem silly, but there is reasoning behind them. Hackers know that certain types of passwords—especially ones that are all numbers (like "123456789") or all lowercase letters (like "qwerty," "abcdefgh," or "password")—are used commonly. They might try these passwords first when they attempt to break into someone's account. This is called a dictionary attack because it uses a "dictionary" of common passwords. Rules requiring that you use a mix of letters, numbers, and symbols force you to avoid these types of passwords.

Number of possible password combinations for different character sets
Password length Numbers only (0–9) Examples Lowercase letters only (a–z) Examples Upper/lowercase letters, numbers, symbols (a–z, A–Z, 0–9, @#\$%...) Examples
1 10 3 26 h 95 A
2 100 45 676sh 9,025 h2
3 1,000 62817,576 iql 857,375 g%3
4 10,000 1973 456,976 bqof 81,450,625 vL*6
5100,000 14850 11,881,376 lnkoq 7,737,809,375 r03@B
6 1,000,000 355698 308,915,776 zmpqla 735,091,890,625a2&M1s
710,000,0008415268 8,031,810,176 rvynimw 69,833,729,609,375 v98(Q!i
8100,000,000 82145669208,827,064,576 xwvrnymu6,634,204,312,890,620L3\$7bv~0
Table 1. Number of total possible passwords for different lengths and character sets.

In this project your students will split up into pairs and play a "guessing game" to simulate hackers trying to guess a password, except the game is not fair! One student must pick a number 0–9, (10 possibilities) as a "password," and the other student will pick a number or a letter; 0–9 or a–z (36 possibilities). So, when playing the game, one student has a 1 in 10 chance of guessing the password with any given guess, and the other student only has a 1 in 36 chance. You would never use a one-character password in real life, but this ensures that the game can be completed in a reasonable amount of time in a classroom setting. The game will demonstrate how allowing more choices for each character makes a password stronger, or more difficult to guess.

## Make Career Connections

Top
Free science fair projects.