โ† Back to all modules
๐Ÿ”‘
๐Ÿ›ก๏ธ Operational Security ยท Week 3

Passwords & Passphrases

Master the art of creating strong passwords, learn how hackers crack weak ones, and discover tools that make staying secure easy.

Viewing: ๐Ÿ‘ง Age 11 ๐Ÿง‘ Age 13

๐Ÿ“ Where you are in the curriculum: Week 3 of 12

You've learned about your digital footprint and how to evaluate online information. Now it's time for your first hands-on security skill: creating passwords that actually protect you.

Password Security: Your First Line of Defense ๐Ÿ”‘

Passwords are the most fundamental security mechanism on the internet โ€” and also the most commonly broken one. Let's understand why they matter at a deeper level.

The Scale of the Problem

  • Over 24 billion username/password pairs have been exposed in data breaches
  • 81% of hacking-related breaches involve stolen or weak passwords
  • The average person has 100+ online accounts
  • 65% of people reuse passwords across multiple sites

How Passwords Are Stored (and Stolen)

When you create a password, good websites don't store it directly. They use hashing โ€” a one-way mathematical function that converts your password into a fixed-length string:

Password: "taco cat surfs daily"
SHA-256 Hash: a7f3c8d2e1b4...  (64 characters)

The key property: you can turn a password into a hash, but you can't turn a hash back into a password.

When you log in, the site hashes what you typed and compares it to the stored hash. They never need to know your actual password!

So How Do Breaches Work?

When hackers steal a database, they get the hashes. Then they:

  1. Hash common passwords and compare
  2. Use rainbow tables (pre-computed hash dictionaries)
  3. Brute-force through combinations

Good sites also use salting โ€” adding random data to each password before hashing, making pre-computed attacks useless. But not every site does this properly, which is why breaches are so damaging.

Why This Matters to You

Your accounts have real value:

  • Gaming accounts: Rare skins, items, and in-game currency have real-world monetary value
  • Social media: Your reputation and relationships
  • Email: The master key to every other account (password resets!)
  • School accounts: Your academic record and personal info

You can check if your credentials have already been exposed using Have I Been Pwned โ†—, a free service by security researcher Troy Hunt that tracks over 600 million breached passwords.

1 / 5

๐Ÿ›ก๏ธ CyberSafe โ€” Online safety training for the whole family.