Safe Computing - Complete Interactive Lesson
Part 1: Core Concepts
Safe Computing
Part 1 of 7: Privacy, Authentication, and Online Safety
Personal Data and Privacy
What Is PII?
Personally Identifiable Information (PII) is data that can identify a specific individual.
| Direct PII | Indirect PII |
|---|---|
| Full name | ZIP code |
| Social Security number | Date of birth |
| Email address | Gender |
| Phone number | Browsing history |
| Home address | Purchase history |
| Biometric data | Location data |
Indirect PII alone may not identify a person, but combining multiple pieces of indirect PII often can. ZIP code + date of birth + gender can uniquely identify 87% of Americans.
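To see how combining indirect PII narrows a crowd down to one person, the following added example (not part of the original lesson) measures how many records in a small dataset are unique under each combination of ZIP code, date of birth and gender. The records, field names and function names are constructed for illustration.

```python
from collections import Counter
from itertools import combinations

# Constructed sample records (not real people).
RECORDS = [
    {"zip": "02139", "dob": "1990-04-12", "gender": "F"},
    {"zip": "02139", "dob": "1990-04-12", "gender": "M"},
    {"zip": "02139", "dob": "1985-11-02", "gender": "F"},
    {"zip": "02139", "dob": "1985-11-02", "gender": "F"},
    {"zip": "10001", "dob": "1990-04-12", "gender": "F"},
    {"zip": "10001", "dob": "1978-07-30", "gender": "M"},
    {"zip": "10001", "dob": "1978-07-30", "gender": "M"},
    {"zip": "60614", "dob": "1985-11-02", "gender": "M"},
]

def unique_fraction(records, fields):
    """Fraction of records whose values for `fields` match no other record."""
    keys = [tuple(r[f] for f in fields) for r in records]
    counts = Counter(keys)
    return sum(1 for k in keys if counts[k] == 1) / len(records)

def smallest_group(records, fields):
    """The k of k-anonymity: size of the smallest group sharing the same values."""
    return min(Counter(tuple(r[f] for f in fields) for r in records).values())

def report(records, all_fields=("zip", "dob", "gender")):
    """Unique fraction for every non-empty combination of the given fields."""
    out = {}
    for n in range(1, len(all_fields) + 1):
        for combo in combinations(all_fields, n):
            out[combo] = unique_fraction(records, combo)
    return out

if __name__ == "__main__":
    for combo, frac in report(RECORDS).items():
        k = smallest_group(RECORDS, combo)
        print(f"{'+'.join(combo):<16} unique: {frac:.0%}  k={k}")
```

No single field identifies more than one record here, yet all three together single out half of them; a release of such data is only safe when the smallest group size stays well above 1.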
How Data Is Collected
| Method | Example |
|---|---|
| Cookies | Websites track browsing behavior across sessions |
| Location services | GPS data from mobile devices |
| Social media | Posts, likes, friend connections |
| Transactions | Credit card purchases, online orders |
| Search history | Queries entered into search engines |
| IoT devices | Smart speakers, fitness trackers |
Companies collect this data for targeted advertising, product improvement, and analytics. Users often agree to data collection through Terms of Service agreements that many do not read.
Authentication and Authorization
Authentication Methods
| Something You... | Factor Type | Example |
|---|---|---|
| Know | Knowledge factor | Password, PIN, security question |
| Have | Possession factor | Phone (for SMS code), security key |
| Are | Biometric factor | Fingerprint, face scan, iris scan |
Multi-Factor Authentication (MFA)
MFA means using TWO OR MORE different factors together. Example: password (know) + phone code (have).
Strong Password Practices
- Use long, unique passwords for each account
- Combine uppercase, lowercase, numbers, and symbols
- NEVER reuse passwords across sites
- Use a password manager to store them securely
Authorization vs Authentication
| Concept | Question Answered |
|---|---|
| Authentication | "Who are you?" (Verify identity) |
| Authorization | "What are you allowed to do?" (Verify permissions) |
Digital Footprint
Everything you do online creates a digital footprint, a trail of data including:
Applied Recall
- Data that can identify a specific individual is called Personally _______ Information (PII).
- Using a password (something you know) PLUS a phone code (something you have) is called _______-factor authentication.
- The trail of data created by your online activity is called your digital _______.
AP Exam Strategy: Safe Computing
- Know what PII is, and that INDIRECT PII combined can identify someone
- Three auth factors: know (password), have (phone), are (fingerprint)
- Multi-factor = two DIFFERENT factors (password + password is NOT multi-factor)
- Authentication (who are you?) vs Authorization (what can you do?): know the difference
- Digital footprint is largely permanent โ even deleted content may persist
- Cookies track behavior; Terms of Service often grant data collection rights
Part 2: Key Processes
Safe Computing
Part 2 of 7: Key Processes
Safe Computing Is About Personal Practice
CSP's "safe computing" topic focuses on what individuals and organizations DO to protect themselves: choices, habits, and configuration, not just the underlying tech.
| Practice | What it does |
|---|---|
| Strong unique passwords | Limits damage of any one breach. |
| Multi-factor authentication | Makes a stolen password insufficient. |
| Software updates | Closes known vulnerabilities. |
| Backups | Recover from ransomware / mistakes. |
| Awareness of phishing | Block attacks that exploit users, not code. |
Password Hygiene
| Anti-pattern | Better practice |
|---|---|
| Same password everywhere | Use a password manager + unique passwords. |
| Short / common passwords | Long passphrases or generated random strings. |
| Sharing passwords |
Part 3: Patterns & Examples
Safe Computing
Part 3 of 7: Patterns & Examples
Patterns Of Personal Data Risk
| Pattern | Why it's risky |
|---|---|
| Oversharing | Public posts reveal patterns / locations. |
| Old accounts | Forgotten accounts may be breached. |
| Default passwords | IoT devices shipped with "admin/admin". |
| Public Wi-Fi without HTTPS | Eavesdropping risk. |
| Browser auto-fill on shared devices | Credentials leak to whoever uses next. |
Privacy Settings Are Defaults Worth Reviewing
Defaults often favor sharing. Periodically review:
- Who can see your posts / location / photos.
- What apps have what permissions.
- What third-party logins are connected.
- Which devices are signed in to your accounts.
Public Wi-Fi Caveats
Modern HTTPS protects most traffic on public Wi-Fi. But:
- Some apps still use unencrypted endpoints.
- A malicious access point can present invalid certificates (don't bypass).
- Using a trusted VPN adds an extra layer for higher-risk activities.
Account-Takeover Recovery Plan
Part 4: Connections & Interactions
Safe Computing
Part 4 of 7: Connections & Interactions
Safe Computing Connects Across CSP
| Connection | Why |
|---|---|
| Safe computing ↔ Security | Personal practice is part of defense in depth. |
| Safe computing ↔ Networks | Most attacks reach you over a network. |
| Safe computing ↔ Data | Your data is what attackers want. |
| Safe computing ↔ Impact | Bad practice harms others (forwarded malware, stolen contacts). |
Defense In Depth For Individuals
| Layer | Personal practice |
|---|---|
| Identity | Unique passwords + MFA. |
| Devices | Updates + lock screens + encryption-at-rest (FileVault / BitLocker). |
| Apps | Install from trusted stores; review permissions. |
| Network | Trusted networks; HTTPS; trusted VPN when needed. |
| Backups | Off-device backups (cloud or external drive). |
Part 5: Change Over Time
Safe Computing
Part 5 of 7: Change Over Time
How Safe Computing Has Evolved
| Era | Defining shift |
|---|---|
| 1990s | Antivirus + "don't open weird attachments". |
| 2000s | Spyware, popups, browser hardening. |
| 2010s | Mobile phishing; MFA mainstream. |
| 2020s | Passkeys, AI-assisted phishing, cloud account takeovers. |
Passwordless Future
Industry is moving toward passkeys (FIDO2 / WebAuthn): the user's device holds a private key; the site only ever sees a public key + signed challenge. This is phishing-resistant by design.
Cloud Account Takeover
Modern attackers target the cloud account itself (email, identity provider) because that often unlocks dozens of services. Defenses:
- MFA on the identity provider.
- Audit which services are connected.
- Review session activity.
What Hasn't Changed
- Patches still matter.
- Phishing still works.
- Backups still save you.
- Healthy skepticism still beats most attacks.
Applied Recall
- A modern phishing-resistant alternative to passwords is called a _______.
Part 6: Problem-Solving Workshop
Safe Computing
Part 6 of 7: Problem-Solving Workshop
Safe Computing Workshop
Worked: A Personal Security Checkup
| Area | Action |
|---|---|
| Passwords | Move to manager + unique per site. |
| MFA | Enable on email, banking, social. |
| Email | Audit forwarding rules and recovery info. |
| Devices | Enable OS encryption; auto-update; lock screen. |
| Backups | Off-device backups; test restore. |
| Browser | Review extensions and permissions. |
| Apps | Audit installed apps and permissions. |
Worked: A Phishing Smell-Test
If a message:
- Pressures urgency, OR
- Asks for credentials / MFA codes / money, OR
- Has a mismatched sender / domain, OR
- Has a link whose actual destination differs from its text,
...treat as phishing until proven otherwise. Verify out-of-band.
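The four checks above can be written as a triage function. This is an added example, not part of the original lesson; the keyword patterns, the `expected_domain` parameter (the domain the message claims to come from) and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended)\b", re.I)
SECRETS = re.compile(r"\b(password|verification code|mfa code|gift card)\b", re.I)
LOOKS_LIKE_URL = re.compile(r"^(https?://)?[\w-]+(\.[\w-]+)+(/\S*)?$", re.I)

class BodyParser(HTMLParser):
    """Collects all visible text plus (href, link text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._buf = [], [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._buf = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._buf).strip()))
            self._href = None

def host_of(value):
    """Lowercased hostname of a URL or of a bare 'example.com/path' string."""
    return (urlparse(value if "://" in value else "//" + value).hostname or "").lower()

def smell_test(from_addr, expected_domain, body_html):
    """Return the warning signs present; any hit means verify out-of-band."""
    body = BodyParser()
    body.feed(body_html)
    text, flags = " ".join(body.text), []
    if URGENCY.search(text):
        flags.append("urgency")
    if SECRETS.search(text):
        flags.append("asks-for-secrets")
    sender = from_addr.rsplit("@", 1)[-1].lower()
    if sender != expected_domain and not sender.endswith("." + expected_domain):
        flags.append("sender-mismatch")
    # Link text that looks like a URL must point at the same host as the href.
    if any(LOOKS_LIKE_URL.match(t) and host_of(t) != host_of(h) for h, t in body.links):
        flags.append("link-mismatch")
    return flags

# Constructed sample message using reserved example domains.
PHISH = ("billing@examp1e-pay.test", "example.com",
         '<p>Urgent: confirm your password at '
         '<a href="https://login.examp1e-pay.test/reset">https://example.com/reset</a></p>')
```

Calling `smell_test(*PHISH)` returns all four flags, while a newsletter from a subdomain of the expected domain with an ordinary "here" link returns an empty list.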
Worked: Recovering A Compromised Account
- Sign out from all sessions.
- Change password (long, unique, manager-stored).
- Reset MFA; remove old factors.
Part 7: AP Review
Safe Computing
Part 7 of 7: AP Review
AP Exam Recap: Safe Computing
Final Vocab
| Term | Definition |
|---|---|
| Password manager | Stores unique strong passwords. |
| MFA | Multi-factor authentication. |
| Phishing | Social-engineering attack. |
| Default credentials | Out-of-box passwords. |
| Patch | Software security update. |
| Backups | Off-device data copies. |
| Threat modeling | Identifying realistic adversaries. |
| Passkey | Phishing-resistant device credential. |
| Identity provider | Account that unlocks many services. |
Common Pitfalls
- Reusing passwords across sites.
- Skipping MFA on email.
- Sharing MFA codes.
- Ignoring TLS warnings.
- Leaving default device credentials.
- No off-device backups.
- Treating safe computing as one-time, not ongoing.