Great idea and a fun little game that will teach people about account security features of EOS! :)
btw,
Active key can and should be different from owner. Initially all accounts come with same owner and active key. For better security before starting to use EOS account people should update their active accounts and use them when logging into wallets. Owner key should be left offline in storage and only be used to update active key and serve as a "recovery" key.
Generate new key with:
cleos create key
Here is a cleos command that can be used to update active key for an account
cleos -u https://eos.greymass.com:443 set account permission < accountname > active '{"threshold": 1, "keys": [{"key": "< new active public key >", "weight": 1}],"weight":1}]}' owner