### Please enable JavaScript to use CodeHS

What are some ways that you keep your personal data secure and private? Do you use strong passwords? How would you rate the strength of your passwords? In this tutorial, learn how to create a password that can combat hacking attempts such as brute force attacks, dictionary attacks, and algorithm attacks.

### By Jennifer Campbell

What are some ways that you keep your personal data secure and private? Do you use strong passwords? How would you rate the strength of your passwords?

﻿Strong passwords are critical in today's connected world. Almost every website, app, or connected device wants you to log in and create an account. This leads to multiple accounts per person! Whether it be for social media, school, email, coding, work, or anything else, each account needs a strong password to ensure you are the only one who can access your data.

Short passwords can be easily cracked by using guessing algorithms or by brute force! Run the following simulations to learn more about how these attacks work.

# Brute Force Attacks

This program will choose a random two-digit code from 0 to 99.

You have to break the code! To help, there are hints as to whether your guess is too high or too low.

How many attempts will it take you to break the code? Do you think you could do it without the hints?

So, we all know that computers work way faster than humans! Explore the following simulation to see how long it takes a computer algorithm to crack a four digit code!

# Using a Computer Algorithm

Click on the Generate Code button and then the Crack Code button. How long does it take for the algorithm to crack the code?

Click on the See Attempts button and scroll down to see about how many attempts were made.

*Note: This code only uses the digits 0-5 to speed up the process, but would still only take less than a few minutes to crack the code using digits 0-9.

There are a few tips for ensuring a strong password. Complex passwords are typically longer in length, contain a combination of lower case letter, upper case letter, special characters (! @ # \$ % ^ & *), punctuation, and numbers. Also, complex passwords will be completely random and not have full words written out. Lastly, using different passwords for different accounts is important so that if one password is hacked, only one of your accounts needs to be taken care of, rather than all.

So, why do we not want to use full words? Why must we mix it up with special characters and numbers? Well, there is a password cracking attack known as a dictionary attack.

# Dictionary Attack

The following activity simulates how a password dictionary may be used to assist in accessing someone’s account.

You will be given a list of potential passwords and will try to guess the correct one. If you’re wrong, we’ll tell you how many letters are in the correct place.

How do you think having a password dictionary would help to crack into someone’s account? How would knowing just a part of a password (birthdate, mother's maiden name, etc) help to crack into someone’s account? Where could someone potentially find out this information?

Let's test out the strength of a few passwords in the activity below. Scroll down to the yellow box labeled Test a New Password. DON'T type in your actual passwords, but rather type in examples that follow these criteria:

1. Type in a password using 8 lowercase letters.

2. Change one letter to an uppercase letter.