Computer Science · Grade 9

Active learning ideas

Secure Passwords and Authentication

Active learning helps students grasp abstract security concepts by making them concrete and memorable. When students create, test, and analyze passwords and authentication methods firsthand, they build durable understanding of why secure practices matter in real-world scenarios.

Ontario Curriculum Expectations: CS.HS.CY.6, CS.HS.S.13
20–40 min · Pairs → Whole Class · 4 activities

Activity 01

Problem-Based Learning · 25 min · Pairs

Checklist Relay: Crafting Strong Passwords

Pairs brainstorm passwords meeting criteria: length, character mix, no personal info. One partner writes while the other checks against a class rubric. Switch roles, then pairs share top examples with the class for voting on strength.

Explain the characteristics of a strong, secure password.

Facilitation Tip: During Checklist Relay, circulate to listen for student reasoning and gently correct misunderstandings about password composition in real time.

What to look for: Present students with five sample passwords. Ask them to rate each password's strength on a scale of 1-5 and provide a one-sentence justification for their rating, referencing specific password characteristics.

Analyze · Evaluate · Create · Decision-Making · Self-Management · Relationship Skills

Activity 02

Stations Rotation · 40 min · Small Groups

Stations Rotation: Authentication Demos

Set up three stations: password entry with a fake login, a biometric scan using phone cameras, and an MFA simulation with app codes. Small groups rotate every 10 minutes, noting pros, cons, and security levels at each.

Differentiate between various authentication methods (e.g., passwords, biometrics, MFA).

Facilitation Tip: For Station Rotation, assign student roles like recorder or presenter at each station to ensure participation and accountability.

What to look for: Facilitate a class discussion using the prompt: 'Imagine you receive an email asking you to reset your password for a popular social media site by clicking a link. How would you determine if this is a legitimate request or a phishing attempt, and what steps would you take to protect your account?'

Remember · Understand · Apply · Analyze · Self-Management · Relationship Skills

Activity 03

Problem-Based Learning · 30 min · Pairs

Phishing Challenge: Test MFA

The whole class views a teacher-led phishing video. In pairs, students simulate responses with and without MFA, recording outcomes. Discuss which method blocks access best.

Justify the importance of multi-factor authentication in enhancing account security.

Facilitation Tip: In Phishing Challenge, limit time per scenario to create urgency and mimic real-world pressure while observing how students apply MFA knowledge.

What to look for: Ask students to write down: 1) One reason why using the same password for multiple websites is a bad idea. 2) One example of a 'something you have' factor used in MFA.

Analyze · Evaluate · Create · Decision-Making · Self-Management · Relationship Skills

Activity 04

Problem-Based Learning · 20 min · Individual

Password Cracker Demo: Weak vs Strong

Individuals use free online tools to test sample weak and strong passwords. They note cracking times, then create and test their own. Share results in a quick gallery walk.

Explain the characteristics of a strong, secure password.

What to look for: Present students with five sample passwords. Ask them to rate each password's strength on a scale of 1-5 and provide a one-sentence justification for their rating, referencing specific password characteristics.

Analyze · Evaluate · Create · Decision-Making · Self-Management · Relationship Skills

A few notes on teaching this unit

Teach this topic through guided inquiry and peer discussion rather than direct instruction. Research shows students retain cybersecurity concepts better when they discover flaws themselves in authentic simulations. Avoid lecturing about risks; instead, let students experience the consequences of weak practices firsthand. Use humor and relatable examples to reduce anxiety around technical details.

Students will confidently explain strong password traits, compare authentication types with evidence, and justify the need for MFA. They will also identify phishing attempts and recognize the risks of password reuse and weak authentication methods.


Watch Out for These Misconceptions

  • During Checklist Relay: Watch for students who believe personal details like birthdays or pet names make passwords secure because they are unique.

    Have students swap password examples in small groups and attempt to guess each other's passwords based on social media-style profiles you provide. After the activity, discuss how easily hackers exploit publicly available information.

  • During Password Cracker Demo: Watch for students who think reusing a strong password across accounts is acceptable for simplicity.

    Use the Password Cracker Demo to simulate a chain reaction where one breached password exposes multiple accounts. Students will see the domino effect firsthand, justifying unique passwords through evidence collected during the demo.

  • During Station Rotation: Watch for students who believe biometrics alone provide perfect, unspoofable security.

    During the biometrics station, demonstrate how facial recognition can be fooled with high-quality photos or how fingerprints can be replicated with molds. Use role-play to show why MFA combines factors for robust defense.


Methods used in this brief