Modul 3 -  Password Security & Account Protection

Your password is the key to your digital life. It protects your personal information, your schoolwork, your social media accounts, your gaming progress, and even your digital money or in‑game items. When your password is weak, reused, or stolen, attackers can easily break in and pretend to be you.

This module helps you understand how passwords work, how attackers break them, and how you can build strong, memorable protection for every account you use.

A password is a secret word, phrase, or combination of characters that proves your identity when you log into a device, app, or website. Think of it like the key to your personal locker — only you should have access.

Types of Passwords

• Static passwords — stay the same until you change them.

• Dynamic passwords — change regularly, like one‑time codes or rotating passphrases.

Key Terms You Should Know

• Authentication — proving who you are to access an account.

• Credentials — your username/email + password.

• Multi‑factor authentication (MFA) — using more than one method to confirm your identity (e.g., password + phone code).

Why Passwords Matter

Your password protects:

• personal information

• schoolwork and files

• social media and gaming accounts

• digital money, credits, and items

In 2025, over 24 billion passwords were exposed in data leaks — that’s almost three passwords for every person on Earth. Most were weak or reused.

What Can Happen If Your Password Is Weak or Stolen

• Someone can log into your accounts and lock you out.

• They can message your friends pretending to be you.

• Your schoolwork or files can be deleted.

• Your private information can be leaked or sold.

• Cyberbullies or scammers can use your account to harm others.

Real‑World Example

A popular YouTuber had their account hacked because of a weak password. The attacker used the channel to run scams, damaging the creator’s reputation and upsetting thousands of followers.

Strong authentication means using more than just a password. The more layers you add, the harder it is for attackers to break in.

Three Types of Authentication Factors

• Something you know — password, PIN, secret answer.

• Something you have — phone, security key, authenticator app.

• Something you are — fingerprint, face, voice.

Two‑Factor Authentication (2FA)

2FA combines two factors, such as:

• password + SMS code

• password + authenticator app

• password + fingerprint

Why 2FA Is Essential

Even if someone steals your password, they still can’t get in without the second factor.
Platforms like Instagram, Gmail, TikTok, and Fortnite all offer 2FA — and you should turn it on for every important account.

A strong password doesn’t have to be complicated — it just needs to be long, unique, and hard to guess.

What a Strong Password Looks Like

• At least 12–15 characters

• Mix of uppercase, lowercase, numbers, and symbols

• Not based on personal info

• Unique for every account

Common Mistakes to Avoid

• Using “123456”, “password”, “qwerty”

• Using your name, birthday, or pet’s name

• Reusing the same password everywhere

• Writing passwords on sticky notes or in your phone’s notes app

• Sharing passwords with friends

• Entering passwords on untrusted devices

Strategies for Memorable Passwords

• Passphrases:
  Combine random words: mint‑owl‑thunder‑creek.
  Add a number or symbol: mint‑owl‑7thunder‑creek*.

• Acronyms:
  Turn a sentence into initials:
  “Last week I fell down thirty stairs” → Lw1fd30$

• Mnemonic stories:
  Create a mental image to remember your password:
  Eagle + spoon + mushroom → Eagle‑Spoon‑Mushroom3!

Tips for Young Users

• Avoid song lyrics, movie quotes, or famous lines.

• Don’t use predictable patterns like “password1”or your name .

• Make your passphrase fun and unique — but not about you.

Young people have special legal protections online. Knowing them helps you stay safe and make informed choices.

Important Laws

• COPPA (Children’s Online Privacy Protection Act): In the U.S., websites and apps must get parental consent before collecting data from children under 13. New rules in 2025 require stricter verification and data deletion practices. https://www.ftc.gov/legal-library/browse/rules/childrens-online-privacy-protection-rule-coppa 

• GDPR-K (General Data Protection Regulation for Kids): In the EU, children’s data is protected, and parental consent is needed for users under 13–16, depending on the country. https://gdpr-info.eu/art-8-gdpr/ 

• Platform Protections: Many apps (like Instagram Teen Accounts) offer special privacy settings for youth, but studies show these are not always effective—youth should still be cautious and proactive.

Best Practices

• Ask a parent or guardian before creating new accounts.

• Use privacy settings to limit who can see your information.

• Report suspicious or inappropriate content.

Mission 1: Build Your “Unbreakable Password”

Goal: Create a strong, memorable password using one of the strategies from the chapter.

Steps

1. Pick one method:

   • Passphrase

   • Acronym

   • Mnemonic story

2. Create a password that:

   • Is 12–15+ characters

   • Uses upper/lowercase, numbers, symbols

   • Is NOT based on personal info

3. Test it using a password strength checker (search “password strength test” — no need to enter your real password; use a modified version).

 Mission 2: Spot the Scam — Phishing Detective

Goal: Learn to identify phishing red flags.

Instructions

Below are three short messages. Two are phishing attempts, one is safe. Learners must identify which is which and explain why.

A. “Your game account has been flagged for suspicious activity. Click here immediately to secure it: http://secure-game-support123.com” 

B. “Hey, I can’t log into my account. Did you change the password? Can you send me the code you just got?” 

C. “Reminder: Your school portal password expires next week. Please update it through the official school website.”

Task

• Mark each message as Safe, Suspicious, or Phishing according to what you think.

• List at least two red flags for each suspicious one.

Mission 3: Password Reuse Check-Up

Goal: Understand the risk of reused passwords.

Instructions

Learners make a private list (not shared!) of:

• 5 apps or websites they use often

• Whether each one has a unique password or a reused password

Task

For each reused password, they write:

• What could happen if one of these sites was hacked?

 Mission 4: Privacy Hero Quiz

Goal: Connect legal protections (COPPA, GDPR-K) to real life.

Scenario

“You want to sign up for a new app that asks for your birthday, location, and permission to access your photos.”

Questions

• What information should you check before signing up?

• When do you need parental/guardian consent?

• What privacy settings would you turn on first?