The pupils arrived today; The decoration stopped and the teaching started. I’m actually really happy with what I’ve managed to create in a few days – it’s by no means finished but the space is there for pupil work. The opening lessons, as always, are to remind pupils of expectations and to outline good account security before they get to log in for the first time. The difference between today’s lesson and my previous experience is the level of thought most of these pupils put into their answers. In the end I had gathered possibly the best ideas I’ve had from S1 pupils ever – a great start if we want to have these pupils leaving Higher Education with what Professor Alan Bundy suggests is a more positive qualification for computer science degrees. I’ve included the pupil quotes below each image to show how deeply they were thinking about this.
With regard to Curriculum for Excellence, outcome TCH02-08a is on the money although a little basic for the age group. HWB3-16a is suitable as the class were discussing ways to keep their account safe from unauthorised access, reducing the risk of their personal information being misused or stolen.
not password, it’s too easy
it could be the first thing that comes into your head
i like using a wacky word and then adding something like 1,2,3 to it… why? because numbers on the end of the word make a password more secure
you could have a normal word but with capital letters at random in the word
i sometimes use a word – like “password” but then have the word again – only backwards… so it would be like “passworddrowssap”
you should use something personal… some personal words or numbers… which only you would know was important
you could take the initial from each word in a sentence… like “what makes a great password?”… yes, and that would be wmagp.
you could use numbers that mean something to you… how many numbers do you think would be secure?… eh, about 4… at least 4… like a PIN number?… yes. that would be good.
you could take a normal word and move your keys to a different point on the keyboard… but still make the same shape as the original word… do you mean something like a cypher?… YES! like the code wheel where you change the letters…
you could have a collection of letters and numbers… quite a few…the more you have the harder to guess
i might take two words and jumble the letters up to make my password… wouldn’t that be difficult to remember?… not if you had one letter from the first word then one letter from the second word…
it should be easy to remember
… yes, but also difficult for friends to guess.
I then told them about a scenario where I had many different accounts that needed passwords and that I had found a great password to use so used the same one for all the different accounts. We then talked about how I could adapt those passwords to make them more secure but also just as easy to remember…
you should put numbers at the end of the password… 1,2,3,4… then they’ll all be different… how do you know which account should have which password?… hmm… (another pupil jumps in)… you could use abbreviations of the site you are logging into like “fb” for facebook, “yt” for youtube and just put that at the end of your password…
you could change letters in the word to a number…. like an O to a zero…
what about punctuation in the password?
The next class discussed alternative ideas such as keyboard shapes (they didn’t like QWERTYUIOP though, especially when I admitted that my work password 10 years ago was 1qaz2wsx!), visual prompts such as a password inspired by a sticker on a screen or a poster near to the desk they use or a colour, and we got into a discussion about how long a great password should be. The consensus was that a number of no more than 6 to 8 digits would be acceptable, but more characters if words were used.
Finally we did a quite straw poll of the length of each pupil’s password. Average was 10-11 characters but one pupil told us his was 46 characters long… AND THEN TOLD US WHAT IT WAS! Oops.
Does any educator have some suggestions to add to this list?
Caffeine Tangent 
Sounds like you had a good day!
The more characters the better, and remember you have to have to be able to remember it! Passwords that are hard to guess are usually hard to remember. Chaining a few ordinary words together is easy to remember but difficult to guess – and harder to crack than a shorter password made up of random characters.
Nice XKCD on this: http://xkcd.com/936/ (although Information Theory is probably a *little* beyond S1).
Thanks for that link. I think I’ll use that with my S4 ICT class who will have a similar start – talking about computer security and the like. Your comment is much appreciated – thanks!
Did you discuss how a lot of accounts get hacked as pupils make them their current boyfriend/girlfriend/pets name/best friends name and these can all be found on facebook etc. I am guilty of two of the above but i never claimed to practice what I preach.
No – good tip! I did use a recent list of common passwords as an example and heard a few gasps as some pupils recognised their own.