Grade 11 ITC · Term 4 · Digital Security Textbook
Unit 2 · Protective Measures · Chapter 8

Strong Passwords and Passphrases

Week 3 · Day 2 · Benchmark 11.4.2.2 Apply protective measures including authentication, updates and backups
Essential question

What makes a password actually hard to crack?

Learning objectives
  • Explain why long passwords beat complex short ones
  • Craft passphrases using the diceware/four-word method
  • Use a password manager conceptually

Overview

Attackers rarely guess passwords by hand. They run programs that try billions of guesses per second, working from leaked password lists and dictionaries. Under that kind of attack, length matters far more than symbols. A 16-character passphrase of ordinary words is stronger than a random 8-character mess — and much easier to remember.

Why Length Wins

Each extra character multiplies the number of possibilities. A 16-character passphrase can take centuries to brute-force even at billions of guesses per second.

The Passphrase Method

Pick four unrelated words at random ('correct horse battery staple'), add one number and one symbol, and use different phrases on different sites. Never re-use passwords across accounts.

Password Managers

Tools like Bitwarden or 1Password generate and store unique passwords for every site. You only need to remember one master passphrase.

Activity

Craft and Test

  1. Each student writes 3 passphrases (never their real ones).
  2. Test each on a password-strength tool provided by the teacher.
  3. Discuss why some scored higher than others.
Review questions
  1. Why is a 20-character passphrase usually safer than an 8-character random password?
    Reveal answer

    The number of possible combinations grows exponentially with length.

  2. What is the main risk of re-using passwords?
    Reveal answer

    One leaked site exposes every other account that shares the password.

  3. How does a password manager help security?
    Reveal answer

    It generates and stores unique long passwords so users only remember one.

Take it home

Write 5 passphrases (not your real ones). Rank them by strength and explain why.