The Badge Archive

• Fulfills Step 2 of GSUSA Junior Cybersecurity Basics badge requirements.
• Fulfills Step 2 of GSUSA Cadette Cybersecurity Basics badge requirements.

Info Needed for badge requirements: For a secure password: Use the VTK Password Checklist by GSUSA. Never reuse passwords across accounts. Change your password if you think it’s been hacked. Hackers can crack passwords in two main ways: Dictionary Attack: Hackers use lists of common passwords to guess quickly. Brute Force Attack: Hackers try every possible combination of letters, numbers, and symbols. Longer passwords with mixed characters take much more time to crack.

Items Needed

• Whiteboard or chart paper and marker
• Stopwatch or timer
• VTK Common Passwords from GSUSA (one or two copies for the troop to share)

Instructions

1. A scout comes up to the board and thinks of a weak password (as insecure as possible). They draw a blank space on the board for each character in the password.
2. Explain the game: Scouts will act as hackers trying to guess the password within three minutes. Scouts can guess one character (letter, number, or special character) at a time or try to guess the whole password. If the guessed character is correct, the scout reveals all its locations in the password.
3. Round 1:
   • Set the timer for three minutes and let the troop work together to solve the weak password.
4. Round 2:
   • Another scout creates another weak password using the Common Passwords handout as inspiration. The troop guesses the password with the same rules.
5. Round 3:
   • A scout comes up with a strong password (secure and difficult to guess). Repeat the guessing game, alternating between strong and weak passwords for comparison.
6. Talk about the game:
   • Which passwords were easiest to guess?
   • Which were hardest to crack?
   • Why is it important to have a strong password?
7. Explain two common ways hackers crack passwords:
   • Dictionary attack: Hackers use databases of common passwords to guess quickly.
   • Brute force attack: Hackers try every combination of characters. Long passwords with mixed characters (letters, numbers, symbols) are harder to crack. For example, an eight-character password can be cracked in hours, while an 11-character password can take years.