Being smart about password managers, phishing scams and two-factor authentication can help protect you from cyberharm.
Living in a digital, connected world comes with risks. There are certain vulnerabilities that are difficult to protect yourself against — like the recent Equifax security breach that exposed millions of social security numbers. But there are ways to build up your personal digital security when it comes to your devices and how you decide to share your information. Engineer Micah Lee and Jason Koebler of Motherboard help us sort through encrypted messaging, password managers, and VPNs to increase your cybersecurity safety and IQ.
Questions for Students
- Why is the “Spectre” — aka “Meltdown” — vulnerability such a big deal? Who does it affect?
- How can the Spectre vulnerability be corrected? Why is it going to be harder to fix ATMs than iPhones? Cite evidence in the transcript to support your response.
- Why is it a good idea to create many different passwords instead of using one password for all of your different logins?
- Koebler recommends using a password manager to help you keep track of multiple passwords. But how could a password manager make you more vulnerable to hackers? When might a password manager be a major inconvenience?
- Describe the pros and cons of using two-factor authentication. What hardware or software does someone need in order to use two-factor authentication?
- How does a phishing attack usually happen? What would a phishing attack look like for a website that you use, and how would you know to avoid it?
- Have students research a data breach at a major company and then draft a security recommendation that, if followed before the breach, would have prevented the it from occurring. In their research, students should determine what type of private information was shared, the number of people affected, and how hackers or individuals were able to access that data. This data breach infographic provides a helpful starting point. For fully interactive graphics by year, industry, and region alongside biannual reports, try The Breach Level Index.
- Challenge students to craft their own phishing message (could be an e-mail, text, or snap!) that they think would work on one or more of their peers. Students can research common phishing practices for ideas about the language used to coerce people into providing their login information. Students should be able to justify why they think their message would be successful at getting the reader to provide login credentials to a phony website.
- If all this internet safety stuff is overwhelming, check out Common Sense Media’s Digital Citizenship Curriculum, a free resource for learning how to participate in online communities safely, sorted by grade level.
Vocabulary: phishing, two-factor authentication, login credentials
Next Generation Science Standards: SEP 4: Analyzing and Interpreting Data, SEP 8: Obtaining, Evaluating, and Communicating Information