Lesson 2

Password123 is NOT a Password

Creating Unbreakable Passwords

The Experiment

A security researcher recently tested how long it takes to crack common passwords:

Password                        Time to crack
password123                     0.29 seconds
Summer2024!                     3 minutes
MyD0g$Name                      4 hours
correct-horse-battery-staple    550 years

Why "Clever" Passwords Fail

You might think "P@$$w0rd!" is clever because you replaced letters with symbols. Hackers know these tricks too. Their tools automatically try:

  • Common substitutions: @ for a, 0 for o, $ for s, 3 for e
  • Predictable patterns: Capital first letter, numbers at the end, ! as the symbol
  • Dictionary words: Including names, places, and common phrases
  • Keyboard patterns: qwerty, 123456, zxcvbn
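
The same checks can be run defensively, for example when a user picks a new password. The sketch below is an added example, not part of the original lesson: `weak_patterns` is a hypothetical helper, and the word list and keyboard runs are tiny constructed samples. It only flags the patterns listed above, so an empty result does not prove a password is strong.

```python
import re

# Constructed sample data: a real check would load a large breached-password list.
COMMON_WORDS = {"password", "summer", "welcome", "dragon", "monkey"}
KEYBOARD_RUNS = ("qwerty", "123456", "zxcvbn")
# The substitutions listed in the lesson: @ for a, 0 for o, $ for s, 3 for e.
UNLEET = str.maketrans({"@": "a", "0": "o", "$": "s", "3": "e"})
TRAILING_JUNK = re.compile(r"[\d\W_]+$")  # digits and symbols at the end
PREDICTABLE_SHAPE = re.compile(r"[A-Z][a-z]+\d+[^\w\s]*")  # Word + digits + symbols


def weak_patterns(password: str) -> list[str]:
    """Return which of the lesson's predictable patterns the password matches."""
    reasons = []
    lowered = password.lower()

    if any(run in lowered for run in KEYBOARD_RUNS):
        reasons.append("keyboard pattern")
    if PREDICTABLE_SHAPE.fullmatch(password):
        reasons.append("predictable shape")

    # Compare the core (trailing digits/symbols removed) with the word list,
    # first as typed, then with the substitutions undone. Both orders are tried
    # because a trailing "3" may be a digit ("word3") or an "e" ("welcom3").
    # Only single-word cores are checked, so multi-word passphrases pass.
    plain = TRAILING_JUNK.sub("", lowered)
    undone = {plain.translate(UNLEET),
              TRAILING_JUNK.sub("", lowered.translate(UNLEET))}
    if plain in COMMON_WORDS:
        reasons.append("dictionary word")
    elif undone & COMMON_WORDS:
        reasons.append("dictionary word with common substitutions")
    return reasons


if __name__ == "__main__":
    for candidate in ("password123", "Summer2024!", "P@$$w0rd!",
                      "qwerty12", "purple-elephant-dancing-taco"):
        print(f"{candidate!r}: {weak_patterns(candidate) or 'no listed pattern found'}")
```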

The Passphrase Revolution

Instead of complex passwords like Tr0ub4dor&3 (hard to remember, easy to crack), use passphrases:

Example: "purple-elephant-dancing-taco"

This is:

  • Easy to remember (picture a purple elephant dancing with a taco)
  • 25 characters long
  • Would take centuries to crack

The Password Manager Solution

The best approach: Use a password manager that generates and stores unique passwords for every account. You only need to remember ONE strong master password.

1. Length Beats Complexity

"correct-horse-battery" beats "P@$$w0rd!" every time

2. Never Reuse Passwords

When one site gets breached, attackers try those passwords everywhere

3. Use a Password Manager

Let software generate and remember complex passwords for you

4. Enable Two-Factor Authentication

Even if your password is stolen, 2FA adds another barrier

Test Your Knowledge

Answer these questions to complete the lesson.

1. Which password would take the LONGEST to crack?

2. Why is 'Summer2024!' a weak password even with a capital, number, and symbol?

3. What's the main benefit of a password manager?

4. Why should you NEVER reuse passwords across different websites?