Passwords That Actually Protect You
You can tell a strong password from a weak one, and build a passphrase you will actually remember.
- Time: ~15-20 min
- Type: exercise
- Bloom: Apply → Create
- XP: 100

You'll be able to
- You can tell a strong password from a weak one, and build a passphrase you will actually remember.
- You can explain why reusing the same password across accounts is risky.
- You can set up a password manager and let it do the hard work for you.
- You can turn on a second sign-in step (2FA), and explain what that second step is doing.
- You can spot a fake "password reset" or "account problem" message before it tricks you.
Key concepts
Your online keys
Think of your passwords like the keys to your house, your car, and your mailbox. Most people guard the physical keys carefully. Online keys deserve the same care, because they protect your email, your money, and your photos.
The good news: you do not need to be technical to do this well. You need a few habits and one helpful tool. Over the next few cards you'll build a passphrase you can actually remember, learn why reusing one password is dangerous, and turn on the one protection that matters most.
Exercise · audit
Right now, turn on the second step for your email account. Go to Settings, then Security, find two-factor or two-step verification, and follow the prompts. When it shows you backup codes, save them, by printing them or pasting them into a note in your password manager. You have just protected the account that protects all your other accounts.
Deliverable
Complete the hands-on task on your own device and note what you did, so the skill sticks.
Common misconceptions
“Forgetting your master passphrase”
The manager cannot recover it for you. Write it down and store it somewhere safe at home.
“Skipping backup codes”
People turn on 2FA, then get a new phone and lock themselves out. Save the codes the day you turn it on.
“Trusting the link in the message”
Even when an email looks perfect, reach the site your own way instead of clicking. Urgency is the scammer's favorite trick.