A6 - Password Management

This assignment will be done in groups.

Task 1

Your group will be provided with a handout that will simulate a leaked database of usernames and password hashes. Some of the hashes correspond to very commonly used passwords.

You should use the first ten passwords from the list on this website to try to crack as many as you can on the handout. You will need to use the SHA256 Hash Generator.
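
The lookup in Task 1, automated, as an added example that is not part of the original assignment. It goes one step beyond the task by showing, for comparison, how per-user salts and a slow key-derivation function make a precomputed hash list useless. The usernames, passwords, candidate list and function names are constructed for illustration and are not taken from the handout or the website.

```python
import hashlib
import hmac
import os

# Constructed sample data: NOT the handout and NOT the website's list.
CANDIDATES = ["123456", "password", "qwerty", "letmein"]
LEAKED = {
    "alice": hashlib.sha256(b"password").hexdigest(),
    "bob": hashlib.sha256(b"qwerty").hexdigest(),
    "carol": hashlib.sha256(b"T7#vq9!Lm2_xR").hexdigest(),  # not a common password
}


def sha256_hex(password: str) -> str:
    """Unsalted SHA-256, the same output an online hash generator gives."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def match_unsalted(leaked: dict, candidates: list) -> dict:
    """Return {username: password} for every hash equal to a candidate's hash.

    Each candidate is hashed once and reused for all users, which is why
    unsalted hashes of common passwords fall so quickly.
    """
    lookup = {sha256_hex(p): p for p in candidates}
    return {user: lookup[h] for user, h in leaked.items() if h in lookup}


def store_salted(password: str, iterations: int = 100_000) -> tuple:
    """Defensive contrast: a random per-user salt plus PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, key


def verify_salted(password: str, record: tuple) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, key = record
    trial = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(trial, key)


if __name__ == "__main__":
    print(match_unsalted(LEAKED, CANDIDATES))
    first, second = store_salted("password"), store_salted("password")
    # Same password, different salts: the stored values differ, so one
    # precomputed table can no longer match every user at once.
    print(first[2] != second[2], verify_salted("password", first))
```
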

Task 2

Consider the graphic below that outlines how long it takes to crack passwords of varying complexity.

If you're interested, detailed information about how this chart was calculated can be found here.

Discuss as a group:

  • What would be your personal preferred compromise between security and convenience when picking a password? Where on the chart do you think is about right?
  • It's okay if group members have differing opinions and you don't come to a consensus.

Task 3

Prepare a short presentation with your group. Include the following:

  • Your preferred security/convenience compromise when choosing passwords, as discussed in Task 2. If there was not a consensus among everyone in your group, you can discuss this.

  • The potential issues with using the same password on multiple sites. Consider:

    • If a hacker were to crack your password using the method we used in Task 1, what might the hacker do next with that information?
    • Is there any guarantee that every website owner stores passwords hashed instead of as plain text? Can we assume all website owners will follow best security practices to avoid getting hacked?
  • What is MFA, or multi-factor authentication, and how does it benefit security?

  • What is a password manager? Briefly research two popular ones, and give a quick pro/con comparison between the two.