Computing · Year 7

Active learning ideas

Strong Passwords and Authentication

Active learning turns abstract cybersecurity concepts into concrete skills students can test and refine. When students craft, crack, and debate passwords in real time, they move beyond memorisation to internalise why complexity and randomness matter.

National Curriculum Attainment TargetsKS3: Computing - Online SafetyKS3: Computing - Cybersecurity
25–45 minPairs → Whole Class4 activities

Activity 01

Collaborative Problem-Solving30 min · Pairs

Pairs Challenge: Create and Crack Passwords

Pairs generate three passwords: one weak, one medium, one strong, using printed checklists for criteria like length and character mix. They swap with another pair to guess or rate them based on common attacks. Class shares results and refines rules together.

Design a robust password strategy that balances security and memorability.

Facilitation TipDuring the Pairs Challenge, set a 5-minute timer to pressure-test passwords, then have pairs switch roles to simulate attacker-defender dynamics.

What to look forPresent students with five example passwords. Ask them to rate each password's strength on a scale of 1-5 and provide a one-sentence justification for their rating, focusing on length, character types, and predictability.

ApplyAnalyzeEvaluateCreateRelationship SkillsDecision-MakingSelf-Management
Generate Complete Lesson

Activity 02

Collaborative Problem-Solving45 min · Small Groups

Small Groups: Authentication Method Stations

Set up stations for password entry sim, 2FA app demo, biometric scan video, and security questions quiz. Groups rotate every 7 minutes, noting strengths, weaknesses, and real-world uses on worksheets. Debrief with group presentations.

Compare different multi-factor authentication methods for their strengths and weaknesses.

Facilitation TipIn Authentication Method Stations, assign a 2-minute rotation so groups rotate every station, keeping energy high and preventing over-explanation.

What to look forPose the question: 'Imagine you have five different online accounts. What are the pros and cons of using the exact same password for all of them versus using a different password for each?' Facilitate a class discussion where students share their reasoning.

ApplyAnalyzeEvaluateCreateRelationship SkillsDecision-MakingSelf-Management
Generate Complete Lesson

Activity 03

Collaborative Problem-Solving35 min · Whole Class

Whole Class: Password Strategy Debate

Divide class into teams to argue positions on key questions, such as unique passwords versus reuse or regular changes versus lifetime use. Teams prepare evidence from prior lessons, debate in rounds, then vote with justifications.

Justify the importance of regular password changes and unique passwords for different accounts.

Facilitation TipFor the Password Strategy Debate, require students to cite at least one peer’s password example as evidence in their arguments to build listening and citation skills.

What to look forAsk students to write down one strong password or passphrase they have created (without revealing it to anyone) and then explain in two sentences why it is considered strong according to the principles learned in class.

ApplyAnalyzeEvaluateCreateRelationship SkillsDecision-MakingSelf-Management
Generate Complete Lesson

Activity 04

Collaborative Problem-Solving25 min · Individual

Individual: Personal Security Plan

Students design a poster outlining their password strategy, including passphrase examples, MFA choices for key accounts, and a change schedule. They self-assess against rubrics and share one tip with the class.

Design a robust password strategy that balances security and memorability.

Facilitation TipIn the Personal Security Plan, provide sentence stems for reflection prompts to scaffold metacognition for students who need structure.

What to look forPresent students with five example passwords. Ask them to rate each password's strength on a scale of 1-5 and provide a one-sentence justification for their rating, focusing on length, character types, and predictability.

ApplyAnalyzeEvaluateCreateRelationship SkillsDecision-MakingSelf-Management
Generate Complete Lesson

A few notes on teaching this unit

Teaching cybersecurity works best when students experience vulnerability firsthand. Avoid lecturing about password strength; instead, let them create weak options and feel the frustration of cracking attempts. Research shows hands-on simulations build retention more than theoretical warnings. Keep language concrete—avoid jargon like entropy—and use analogies students already know, such as comparing passwords to house keys that must fit multiple locks uniquely.

By the end of these activities, students will confidently build passwords meeting length and complexity rules, compare authentication methods based on security and usability, and justify their choices with evidence. Look for students articulating trade-offs and adjusting their strategies after peer feedback.

Watch Out for These Misconceptions

  • During Pairs Challenge: Watch for students who create passwords using pet names or birthdays, believing their personal connection makes them secure.

    Prompt pairs to role-play as hackers using social media clues to guess each other’s passwords within 30 seconds, then ask them to redesign using random words or symbols. The frustration of being cracked quickly shifts their understanding of memorability versus security.

  • During Authentication Method Stations: Watch for students justifying password reuse because one strong password feels sufficient for all accounts.

    Guide groups to simulate a chain reaction: if one account is breached, map which other accounts become vulnerable. Use sticky notes to visually link accounts, then redesign with unique passwords for each to reinforce the principle of compartmentalisation.

  • During Password Strategy Debate: Watch for students dismissing MFA as unnecessary, claiming it adds too much time or hassle.

    Have students trial MFA setups using their own phones and a sample account, timing the process. Then, run a live demo of an account takeover using only a leaked password versus one protected by MFA. The stark contrast in outcomes makes the case for MFA’s efficiency and necessity.

Methods used in this brief

More in Impacts and Digital Literacy

Introduction to Digital Citizenship

Students will explore what it means to be a responsible digital citizen and the importance of online etiquette.

2 methodologies

Online Etiquette and Netiquette

Students will learn about appropriate communication and behaviour in various online environments, including social media and forums.

2 methodologies

The Digital Footprint: Data Collection

Exploring how personal data is collected and the long term consequences of an online presence.

3 methodologies

Privacy Settings and Online Identity

Students will learn to manage privacy settings on various platforms and understand how their online identity is constructed.

2 methodologies

Cyberbullying and Online Harassment

Understanding the forms of cyberbullying, its impact, and strategies for prevention and response.

3 methodologies