Section 3.5

Learning Goals

• Students will develop a list of best practices for writing and using passwords.

• Students will identify three categories of authentication measures.

• Students will define multi-factor authentication.

• Students will construct the advantages and disadvantages of multi-factor authentication.

Objectives and General Description

One aspect of protecting data is what a user can do to protect their own personal data.  This incorporates passwords and multi-factor authentication options.  This section focuses on the do's and don'ts of passwords and the types of multi-factor authentications.  Students will practice writing secure passwords.

Activities

Activity 3.5.1 (budget 20 minutes)

Password Do's and Don'ts

1. Pose this question:  How do we protect our personal data on our computers?  This could be answered in a Padlet or shared google doc as a warm up.

2. Quick discussion and then focus on Passwords.  This is one of the first things that people think of when they try to protect accounts, devices, etc.

3. Print one copy of the list of password tips and cut apart the strips.  Give each student or student pair a tip.  

4. Students decide if their tip is a good tip or a bad tip.

5. Divide the board into two sections:  good tips and bad tips.

6. Students place their tip into the appropriate section and explain why they chose that category.

7. *Some of the options could be debatable.  Consider add a "Maybe" category.  For example, "changing a password every 3 -6 months" is ok for most users.  However, high security applications and businesses may require new passwords & authentication more frequently.

8. Make a shared class list of valid password tips.  For additional information, see the following sites...

   • https://smallbiztrends.com/2019/01/password-best-practices.html 

   • https://er.educause.edu/blogs/2015/10/8-dos-and-donts-of-good-passwords 

   • https://www.marquette.edu/its/help/security/password.shtml 

9. Give each student an index card.  Have them write down the answers to the following prompts:

   • Favorite number

   • Favorite color

   • Pet or favorite celebrity name

   • Two special symbols (!, @, #, $, ^, etc.)

10. Students should exchange cards with a partner.  Each student should make two passwords for their partner.  One password that could easily be guessed and one that is secure.

11. Switch cards back to original person.

12. Test your passwords this  password checker by BetterBuys.com.  Verify that the "easy" password could be cracked in a faster time than the "secure" password.

13. Let students explore the password checker tool.  Who can make the hardest password to crack?  Change the year and see if that makes any difference to the time required.

Activity 3.5.2 (budget 10 minutes)

Multi-factor authentication

1. Review important points from the password activity in the previous activity.

2. Define "authentication measures" as strategies to protect devices and information form unauthorized access.  Passwords are one type of authentication measure.

3. Give students 5 minutes to brainstorm/research other types of authentication measures.  Record their responses.  Responses fall into three categories (from GlobalKnowledge.com)...

   • Type 1:  Something you know (passwords, pin numbers, etc.)

   • Type 2:  Something you have (keys, USB drive, smart card, etc.)

   • Type 3:  Something you are (bio-metrics --- fingerprints, retinal scanner, facial recognition, etc.).

4. Pose the question:  Based upon what you now know about authentication measures, what is "multi-factor authentication"?  Use a think - pair - share strategy to facilitate the discussion of the answers.

5. Next discussion question:  What is the advantage of multi-factor authentication?  Dis-advantage?

6. College board points to emphasize:

   • IOC-2.B.3 Multifactor authentication is a method of computer access control in which a user is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism, typically in at least two of the following categories: knowledge (something they know), possession (something they have), and inherence (something they are). 

   • IOC-2.B.4 Multifactor authentication requires at least two steps to unlock protected information; each step adds a new layer of security that must be broken to gain unauthorized access.

Resources

• 3.5.1: Password Tips (student resource)