Protecting Information Online: Passwords and Privacy SettingsActivities & Teaching Strategies
Active learning works because digital security skills require hands-on practice. Students must experience the frustration of weak passwords, the visibility of public profiles, and the deception of phishing to truly value strong habits. These activities let them test consequences in a safe space before real-world risks appear.
Learning Objectives
- 1Analyze the characteristics of strong passwords, including length, character variety, and avoidance of predictable patterns.
- 2Evaluate the effectiveness of different privacy setting configurations on social media platforms to control information visibility.
- 3Compare the security risks associated with weak passwords versus strong passwords in the context of online account access.
- 4Demonstrate how to adjust privacy settings on a specified online platform to limit the audience for personal information.
- 5Synthesize best practices for password creation and privacy management into a personal online security plan.
Want a complete lesson plan with these objectives? Generate a Mission →
Password Strength Challenge: Checker Race
Pairs brainstorm five passwords meeting criteria, then test them on an online strength checker like Have I Been Pwned. They note scores and revise weak ones based on feedback. Groups share top passwords and explain choices.
Prepare & details
What makes a password strong and hard to guess?
Facilitation Tip: For the Password Strength Challenge, time students strictly to pressure quick decisions and mimic real-world urgency.
Privacy Settings Audit: Demo Accounts
Small groups access teacher-provided demo accounts on Instagram or similar. They follow checklists to change visibility for posts, profiles, and tags, screenshot before-and-after. Teams present one key change and its benefit.
Prepare & details
How can privacy settings help control who sees your information?
Facilitation Tip: During the Privacy Settings Audit, provide demo accounts with preset weak settings so students practice fixing them.
Phishing Role-Play: Guess and Defend
Whole class divides into attackers and defenders. Attackers guess weak passwords from clues; defenders adjust privacy on sample profiles. Debrief reveals patterns in failures and successes.
Prepare & details
Demonstrate how to adjust privacy settings on a common online platform.
Facilitation Tip: In the Phishing Role-Play, assign roles randomly to prevent students from guessing who might 'fall for it.'
Secure Profile Build: Peer Review
Individuals set up a mock social profile with strong password and private settings. They swap with a partner for review using a rubric, then revise based on feedback.
Prepare & details
What makes a password strong and hard to guess?
Facilitation Tip: For the Secure Profile Build, require students to justify each privacy choice in writing before peer review.
Teaching This Topic
Teach this topic through cycles of demonstration, trial, and reflection. Research shows that students retain security habits best when they experience the consequences of poor choices firsthand. Avoid lectures alone; instead, let them fail safely during activities, then discuss why. Model curiosity about privacy settings yourself to normalize the habit.
What to Expect
Successful learning looks like students confidently craft complex passwords, adjust privacy settings without defaulting to public, and immediately recognize phishing attempts. They should articulate why each choice matters, not just follow steps mechanically.
These activities are a starting point. A full mission is the experience.
- Complete facilitation script with teacher dialogue
- Printable student materials, ready for class
- Differentiation strategies for every learner
Watch Out for These Misconceptions
Common MisconceptionDuring the Password Strength Challenge, watch for students assuming that any long password is strong.
What to Teach Instead
Interrupt the race and display a 12-character password like 'ilovechocolate!' on the board. Have students attempt to crack it in 30 seconds to reveal its weakness, then revise criteria to require randomness and complexity.
Common MisconceptionDuring the Privacy Settings Audit, watch for students believing that default settings are safe.
What to Teach Instead
Open a demo Google account together and show how 'Friends' visibility defaults to 'Public.' Ask students to adjust it to 'Only me' during the audit, then explain why this reduces risk.
Common MisconceptionDuring the Secure Profile Build, watch for students reusing strong passwords across sites.
What to Teach Instead
Require students to generate unique passwords for three mock accounts during peer review. If they reuse one, ask them to explain how a breach in one account could compromise another, using a chain reaction example.
Assessment Ideas
After the Password Strength Challenge, present students with 5-7 example passwords. Ask them to identify which are strong and justify choices based on complexity criteria from the checker race.
During the Privacy Settings Audit, pose the question: 'Imagine your friend shares their school location daily. What specific privacy setting would you adjust on Instagram, and why is this important?' Facilitate a brief discussion after the audit.
After the Phishing Role-Play, ask students to write one characteristic of a strong password and one privacy setting they learned to adjust on a common platform. Collect these as they leave to assess retention.
Extensions & Scaffolding
- Challenge students who finish early to create a password manager setup for a mock account and explain its benefits to a partner.
- Scaffolding: Provide a checklist of privacy settings for platforms like Instagram and Facebook alongside the demo accounts.
- Deeper exploration: Ask students to research a recent data breach and trace how weak passwords or oversharing contributed to it.
Key Vocabulary
| Brute-force attack | A cyberattack method that involves systematically trying all possible password combinations to gain unauthorized access to an account. |
| Multi-factor authentication (MFA) | A security process that requires users to provide two or more verification factors to gain access to a resource, such as an online account. |
| Privacy settings | Configuration options within online platforms that allow users to control who can view their profile information, posts, and connections. |
| Password complexity | The measure of a password's strength, determined by its length, use of uppercase and lowercase letters, numbers, and symbols. |
Suggested Methodologies
More in Computer Networks and Communication
Introduction to Computer Networks
Students will learn the basic concepts of computer networks, including network types, topologies, and components.
2 methodologies
How the Internet Works: A Simple Model
Students will explore a simplified model of how the internet connects devices and transmits information, focusing on basic concepts like sending and receiving data.
2 methodologies
Network Addressing: IP and MAC Addresses
Students will understand the concepts of IP addresses (IPv4, IPv6) and MAC addresses, and their roles in network communication.
2 methodologies
Online Safety and Digital Footprint
Students will learn about safe online practices, recognizing online risks, and understanding their digital footprint.
2 methodologies
Common Network Attacks and Defenses
Students will learn about common cyber threats like phishing, DDoS, and malware, and strategies to mitigate them.
2 methodologies
Ready to teach Protecting Information Online: Passwords and Privacy Settings?
Generate a full mission with everything you need
Generate a Mission