Be able to explain why the randomness of using dice or a book is effective at producing a secure passphrase.
- Produce a highly secure passphrase.
Review: Walk learners through why bad passwords are easy to guess.
- Common English words
- Common English words with some letters turned into numbers
- Names and dates
- Patterns on the keyboard (even ones you think are clever)
Show list of most popular passwords: https://en.wikipedia.org/wiki/List_of_the_most_common_passwords
Other points you can cover include:
- Show examples of really strong passwords.
- Discuss why you should never reuse a password for multiple sites or services.
Discuss why a password manager is useful.
Discuss the purpose of a master password or passphrase.
- Discuss remembering a passphrase.
Activity: Generate a Passphrase
There are a few options for leading participants through the process of creating a passphrase. One nice thing about these activities is that learners can participate in them even if they didn’t bring a computer or other device.
The following activities require learners to remember their new passphrases. Memorization is not realistic for everyone, and people may forget their new passphrases after the workshop. It may be useful to provide post-its and pens for learners to write down their new passphrases.
The facilitator may want to follow up with suggestions for memory-recalling measures, like using mnemonics (e.g. “Elephant Rainbow Novel” can be remembered by “ERN”), or creating a visual story around the passphrase (e.g. “I remember ‘Elephant Rainbow Novel’ by imagining an elephant walking on top of a rainbow, and reading a book at the end of the rainbow”).
Word selection from books
One option simply requires that you have a book for each learner, which makes it a great option for trainings in schools, libraries, or other places with a lot of books sitting around.
- Close your eyes
- Open your book to a random page
- Put your finger somewhere on the page
- Open your eyes and write down the word closest to your finger.
- If the word is a very common (easy to guess) word, go back to step 1.
- Repeat steps 1-5 four more times, giving you a total of five words.
- Voila! You have a new passphrase.
Knowledge share: Passphrase Generation with Diceware (optional)
Another option for creating a passphrase is a system called Diceware, where you use a set of 5 dice and a predetermined word list to generate a passphrase. We’re big fans of Diceware at EFF. We even created our own customized EFF dice set and our own word list. It can be a lot of fun for users with a certain kind of geeky sensibility.
That said, Diceware can also be intimidating for some participants. If you don’t have several sets of dice and word lists on hand, it can create an awkward lull while everyone is waiting for their turn.
Instructions for running a Diceware activity and using the list is found at eff.org/dice.