Password Basics
This is the recommended minimum number of characters for a strong password.
What is 12?
This attack tries every possible character combination until it guesses correctly.
What is brute force?
This 6-digit number is still one of the most common PIN codes.
What is 123456?
This is the recommended method to manage and remember multiple strong passwords.
What is a password manager?
True or False: Adding “123” to the end of your password makes it secure.
What is False?
A good password should include these 3 types of characters besides letters.
What are numbers, symbols, and uppercase letters?
Attackers use lists of common words or leaked passwords in this type of attack.
What is a dictionary attack?
In 2012, this professional networking site had 117 million passwords leaked.
What is LinkedIn?
Adding a second verification step, like a code to your phone, is called this.
What is multi-factor authentication (MFA)?
True or False: Longer passwords are usually stronger than short, complex ones.
What is True?
This type of word, like "dog" or "sunshine," is too simple to use as a password.
What is a dictionary word?
When attackers buy stolen username and password combos from the dark web, it’s called this.
What are credential dumps?
This celebrity had their iCloud hacked in 2014 due to weak passwords and phishing.
Who is Jennifer Lawrence?
Instead of changing your password every 30 days, experts now recommend this approach.
What is use a strong password and change only if compromised?
Many think they should write passwords on sticky notes. Experts say this is okay only in this scenario.
What is a secure home environment (not public/shared spaces)?
This is the term for using multiple random words like "correct horse battery staple" as a password
What is a passphrase?
This type of tool is designed specifically to guess passwords very quickly.
What is a password cracker?
In 2020, over 500,000 Zoom accounts were hacked because users did this.
What is reused passwords?
These devices, like YubiKeys, can provide hardware-based authentication.
What are security keys?
True or False: Changing your password every 30 days makes it harder for hackers.
What is False (it often leads to weaker patterns)?
This term describes using one password across multiple accounts.
What is password reuse?
Hackers try logging into many accounts using one stolen password in this type of attack.
What is credential stuffing?
In 2013, this major retail chain had 40 million customer card details stolen after weak password security was exploited.
What is Target?
This organization publishes password security guidelines (e.g., NIST 800-63).
What is the National Institute of Standards and Technology (NIST)?
True or False: Using your pet’s name and birthday makes your password strong.
What is False?