When we teach security, we often face challenges in conveying our knowledge to a non-security audience. Ideas such as authentication bypass, password uniqueness and complexity, and defense-in-depth are abstract and can be difficult to grasp for those who aren’t already well-versed in the language of security. We need novel approaches to teaching security that go beyond language.Driven by the educational theory of embodied cognition — using hands-on, concrete metaphors to build a better understanding of abstract concepts — I explore teaching lockpicking alongside teaching authentication and security concepts. As security professionals, we deal largely in abstractions, but experiencing physical representations of those abstractions helps solidify understanding of them, both for us and for end users.