🔓 Why passwords get stolen

Every year, millions of passwords are stolen when companies' databases are hacked. When that happens, attackers get a list of email addresses and their matching passwords. Then they try each password on every other major service.

Here's how one breach can cause a chain reaction

1️⃣ A gaming site you signed up for gets hacked. Your email and password are stolen.
2️⃣ Attackers automatically try that same password on Gmail, Instagram, banking — everything.
3️⃣ If you used the same password everywhere, they're now in all your accounts.

With a unique password per account: only the gaming site is at risk. Everything else is safe.

Caregivers: A useful exercise at home (not in class) is to visit HaveIBeenPwned (haveibeenpwned.com) together and check whether a family email address appears in any known breaches. This makes the risk concrete without being alarmist. The activity itself needs no internet access.

🔧 The passphrase method

The best passwords are long, but long passwords are hard to remember — unless you use this trick.

  1. Think of a silly sentence. The weirder the image, the easier it is to remember.
     "My robot ate 7 banana pancakes!"
  2. Capitalise the first letter of each word, run them together, keep the number and the symbol.
     MyRobot8BananaPancakes!
  3. Count the characters. 22 characters — uppercase, lowercase, number, symbol. Strong.

Why length is the key factor

| Password | Characters | Approx. time to crack |
|---|---|---|
| password | 8 | Instantly |
| P@ssw0rd! | 9 | A few minutes |
| MyRobot8BananaPancakes! | 22 | Millions of years |

Approximate estimates based on brute-force attack rates. The key insight: each additional character multiplies the difficulty exponentially. Adding complexity to a short password helps a little. Adding length helps a lot.
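
The length-versus-complexity point above, worked through as an added example (not part of the original lesson): it sizes the brute-force search space in bits and compares adding character classes with adding characters. The passphrase "purplegiraffesnowboard" is a constructed sample and the pool sizes assume printable ASCII; run it on sample strings only, never on a real passphrase.

```python
import math
import string

# Assumption of this example: four printable-ASCII classes (26, 26, 10, 32).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def pool_size(password):
    """Alphabet size implied by the character classes the password uses."""
    return sum(len(chars) for chars in CLASSES
               if any(ch in chars for ch in password))

def search_space_bits(password):
    """log2(pool ** length). This is an upper bound for exhaustive search
    only; dictionary words and common substitutions are guessed sooner."""
    pool = pool_size(password)
    return len(password) * math.log2(pool) if pool else 0.0

def gain_from_complexity(length, before=26, after=94):
    """Bits gained by widening the pool while the length stays fixed."""
    return length * (math.log2(after) - math.log2(before))

def gain_from_length(extra_chars, pool=26):
    """Bits gained by adding characters while the pool stays fixed."""
    return extra_chars * math.log2(pool)

# The first two strings are from the table above; the third is constructed.
SAMPLES = ["password", "P@ssw0rd!", "purplegiraffesnowboard"]

def report(passwords=SAMPLES):
    """One row per password: (password, length, pool size, bits)."""
    return [(pw, len(pw), pool_size(pw), round(search_space_bits(pw), 1))
            for pw in passwords]

if __name__ == "__main__":
    for pw, length, pool, bits in report():
        print(f"{pw:<24} len={length:<3} pool={pool:<3} ~{bits} bits")
    # 8 lowercase letters -> 8 characters drawn from all four classes
    print(f"complexity only: +{gain_from_complexity(8):.1f} bits")
    # 8 lowercase letters -> 22 lowercase letters (14 more characters)
    print(f"length only:     +{gain_from_length(14):.1f} bits")
```

Each extra bit doubles the number of guesses an exhaustive search needs, so the gap between the two gains is a gap in doublings.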

📋 Four rules for every password

📏 12+ characters. Longer is always better. A passphrase naturally gives you this.
🔀 Mix it up. Uppercase + lowercase + at least one number + at least one symbol.
🚫 No personal info. Not your name, birthday, pet's name, or any detail someone could look up.
🔑 Unique per account. Same password everywhere = one breach unlocks everything.

✏️ Make yours — on your own

Do this on paper. Do not type your passphrase into any device during this activity.

Your turn

  1. Write down a silly sentence on paper. Something that creates a strong mental image — the weirder the better.
  2. Convert it: capitalise the first letter of each word, combine the words, keep the number and any punctuation.
  3. Count your characters. Is it 12 or more?
  4. Check against the four rules. Adjust if needed.
  5. Memorise it by saying the original silly sentence to yourself three times. Then test whether you can write the passphrase from memory.

✅ Caregiver check-in

  • 12 or more characters? (Count together — caregiver does not need to read the passphrase itself)
  • At least one uppercase letter?
  • At least one number?
  • At least one symbol (!@#$...)?
  • No personal information (name, birthday, pet name)?
Write down the silly sentence — not the passphrase. Store the sentence somewhere private at home (not on a device, not in a text message). When you eventually use a password manager, you'll only need to remember the one strong passphrase that unlocks the manager — everything else gets stored there.

🌱 You're ready for the next step

Next activity: Using a password manager. You now have a strong passphrase. That passphrase becomes the master key to a password manager — one secure place that stores a different strong password for every account you have. That's the next DCC activity.