Short Readings
1) Password Basics
Passwords are your first line of defense. Many attacks succeed because of short or reused
passwords. Strong passwords act like a serious lock on your personal information.
Aarav’s Note: When I first started learning cybersecurity, I realized most hacks don’t need
fancy tools—they happen because of weak passwords. Changing mine felt like locking the
front door for the first time.
2) Strong vs Weak
Short, predictable passwords (like “John123”) are cracked in seconds. Use long passphrases
(12+ characters) made of unrelated words, e.g. correct-horse-battery-staple-2025.
- 12+ characters is the modern baseline.
- Random words > predictable patterns.
- Length + randomness beat short + “fancy”.
Aarav’s Note: I used to think adding numbers made a password strong. Once I learned that
length and randomness matter more, I switched to short phrases—easier to remember
and much safer.
3) Password Managers
A password manager is a secure vault. You remember one master password while it generates
and stores unique passwords for every site, then auto-fills them for you.
- Eliminates reuse across sites.
- Pick a strong master passphrase.
- Examples: Bitwarden, 1Password.
Aarav’s Note: I hesitated to trust a manager at first, but using Bitwarden changed
everything. I went from reusing a few passwords to 100+ unique ones without stress.
4) Two-Factor Authentication (2FA)
2FA adds a second step after your password (a code from an app or a hardware key). If your
password leaks, 2FA still blocks attackers. Turn it on for email, banking, and social media.
- Best → Hardware key (e.g., YubiKey)
- Strong → Authenticator app (TOTP)
- OK → SMS (use if no other option)
Aarav’s Note: I only “got” 2FA after a friend’s account was stolen. Now every important
account I own has it on—no excuses.