POD G members :- Abin, Sasha, Paterson

Our Pod ( Pod G ) has decided to review Pod F

Overview

Our group reviewed the learning resource blueprint made by Sneh, Dilraj, Trevor for our EDCI335 class, titled “How Passwords Are Stored: Hashing, Salting, and Digital Security”. Overall, this blueprint was clear, well organized, and the content sounded relevant and engaging. The pacing of the three subtopics was laid out nicely, and each one built on the last in an intuitive way making the resource easy to follow. The learning activities are intriguing, making learners likely to engage in a meaningful way.

Strengths

Some strengths that stood out in particular were the interactive learning activities that were included in subtopic 1 and 3. The “Hash It Yourself” activity incorporates a style of learning that is particularly engaging, where the learners get to experiment with watching passwords be hashed in real time and observe how hashing hides the original password without being able to be reversed. In subtopic 3, the “Good Company vs Bad Company” activity puts the learners into a fictional data breach so they can compare how two different companies handle the security of their user data, and how those differences affect the impact of the data breach. This is a great way to show the real world impact of cyber security and increase relevance of the resource. Both of these activities use cognitivist theories, helping learners organize and relate new information to existing knowledge in memory. 

Another strength of the learning resource were misconceptions. They drew on existing false knowledge of students, and were general enough making it likely that most students have learned these misconceptions in their environments. They drew on students’ existing mental models, making learning activities to follow even more effective.

Similarly, the essential questions provided for each subtopic add another layer of strength. Each one is open ended and ties directly back to the learning outcome it is meant to guide. For example, the essential question in subtopic 2 “How does adding randomness to the hashing process fundamentally change the effectiveness of password protection?” does not just ask learners to define salting, but to think about why it changes the outcome. Questions like these encourage deeper reflection rather than memorization.  

Areas for improvement

One area for improvement we noticed was that there wasn’t a learning activity listed for subtopic 2, which would be a nice addition to the resource. The other two activities sounded really engaging and relevant, so it would be nice to see something similar with the second topic. While reading the blueprint, the second topic seemed like it was a bit more complex than the other two, and as the assessment is a long answer style response, we think an activity to really solidify the content would be useful to ensure the learners understand the material. We saw that the material listed is a youtube video, so perhaps making this into an H5P interactive video could be an idea. 

Another area that was a bit unclear as a person that doesn’t know much about hashing, is that before the “Hash It Yourself” learning activity, the hashing itself isn’t explained. The resource states why it should be done, but not what it actually is. The first time that we see what hashing really is, is during that activity. I think it would be nice to add a definition, and maybe a text example of: if this is your password – Divan@(stul5, then the hashed version of it will look like this: 102e1d26ce098bd855587b330432d13d. It gives the student a clear picture of what they are about to learn early on, potentially incentifying their interest.

One last area for improvement is the clarity of the outcome for learning this topic. While the blueprint explains how hashing and salting happens it is not always clear what the learner will actually be able to do with this knowledge once the module is complete. Is the goal to help learners build better personal password habits, or is it more about understanding the systems behind the scenes? A short line near the start of the resource explaining what learners will walk away with, for example: “by the end of this module, you will be able to evaluate whether the websites you use are protecting your password responsibly and adjust your own password habits accordingly” would make the purpose of the lesson feel more concrete.

Final thoughts

Overall, we think this resource is well organized, relevant to the modern world, and the activities sound engaging and fun. As a final thought for the team to consider, all three assessments in the current draft (short answer quiz, written explanation, checklist) lean on traditional text based formats. Since the team has already planned for inclusive design including ELL learners and learners with ADHD, exploring an interactive H5P assessment for at least one subtopic like drag-and-drop matching or a quick interactive quiz could reduce the reliance on text-heavy writing and align the assessments more closely with the inclusive design goals already in the blueprint.