This short module opens with an introduction to the problem space (password reuse), followed by introducing password managers, and optionally having students install one and sign up for an email with a randomized password.

Prerequisites

Threat modeling
(Good to know) Authentication - Part 1

Estimated time

20-25 minutes (35-40 minutes with optional activity)

Objectives

• Upon successful completion of this lesson, students will be able to assess the risks of password reuse.
• Students will be able to assess the role and quality of password management software.

Why this matters

Hackers know everyone reuses their passwords, and this is a problem because one breached website necessarily reveals your password for other unrelated websites. By helping simplify the process of keeping unique passwords across many services and devices, password managers (e.g., 1Password, Bitwarden) are one of the most effective tools for ensuring a password breach will stay isolated to the one breached website.

Homework

(Before class) From Freedom of the Press Foundation, read about some of the considerations for choosing a password manager: "Choosing a password manager"

Sample slides

Authentication - Part 2 (Google Slides)

Activities

(Optional) Install a password manager with a free trial (e.g., 1Password); sign up for an email (e.g., at tutanota.com), and create a randomized password for it.

Questions for discussion

• How easy or difficult do you think it is to use a password manager? Why is that?

Related resources

• Check out our list of guides and resources for strengthening online account security.