Cyber Defender — Safe Computing Drill
A 5-minute gamified AP CSP lesson on safe computing. Spot phishing, forge strong passwords, and match cyber threats to defenses.
Cyber Defender: Safe Computing Drill
AP CSP Big Idea 5 (and 4) · ~5 minute lesson · Phishing, passwords, threats, encryption
3 mini-games
Earn a Defender Rank
Exam-ready
What is Safe Computing?
- The core idea: Safe computing is the combination of habits (skepticism, good passwords, careful sharing) and technology (encryption, MFA, anti-malware) that protects your data, identity, and devices from attackers.
- PII (Personally Identifiable Information): Any data that could uniquely identify you — full name, address, SSN, date of birth, school ID, biometric data. The fewer places it lives, the smaller the attack surface. Treat PII like cash: only share it when absolutely necessary.
- Phishing: Fake messages (email, text, DM) that impersonate trusted senders to trick you into clicking malicious links, entering credentials on fake sites, or sending money. Red flags: urgency, generic greetings, mismatched domains, unexpected attachments.
- Malware: Software designed to harm or exploit. Viruses attach to files, worms spread by themselves, trojans hide inside legit-looking apps, and ransomware encrypts your files and demands payment to unlock them.
- Strong authentication: Long unique passwords (12+ characters, mixed types) stop guessing. MFA (multi-factor authentication) adds a second proof — something you have (phone, key) or are (fingerprint) — and blocks ~99% of automated account attacks even if your password leaks.
- Encryption: Scrambles data so only the holder of the right key can read it. Symmetric uses one shared key (fast, used after a connection is set up). Public-key (asymmetric) uses a public key to encrypt and a private key to decrypt — this is what powers HTTPS, digital signatures, and secure messaging.
- Why it's on the AP exam: Big Idea 4 tests cybersecurity (HTTPS, encryption, authentication) and Big Idea 5 tests the ethical/legal/social impacts (privacy, PII, digital footprint). Expect MCQs on identifying threats and FRQs on explaining defenses.
The 30-second briefing
PII — personally identifying info (SSN, address, DOB). Never share it casually online.
Phishing — fake messages tricking you into clicking, paying, or revealing data.
Malware — virus, worm, trojan, ransomware. Software designed to harm.
Strong password — long, mixed case, digits, symbols, unique per site.
MFA — 2nd factor (code/app/biometric). Stops 99% of password attacks.
Symmetric key — same key encrypts & decrypts (fast). Both sides must know it.
Public key — encrypt with public, decrypt with private. Powers HTTPS & signing.
Keylogger — silently records keystrokes; a reason to use MFA.
Mini-game 1 — Phish or Pass?
Inspect 4 emails and decide which are scams.
HOW TO PLAY
For each email, read the sender, subject, and body. Click Phish if it looks like a scam, or Safe if legit. The verdict and explanation appear instantly. Watch for: urgency, weird domains, prize bait, "verify your account" demands.
Mini-game 2 — Password Forge
Build a password that satisfies all 6 strength rules.
HOW TO PLAY
Type any password into the box. The strength bar grows from red → blue → green as you hit more rules. Each satisfied rule lights up. Goal: turn every check green for "Fortress-grade." Try a passphrase like
Pizza-Time-2026!.
Why it matters: Each extra character multiplies the time to brute-force. A 12-char mixed password is exponentially harder to crack than an 8-char one. MFA beats even a weak password.
Mini-game 3 — Match the Threat
Pair each cyber threat with the right defense.
HOW TO PLAY
1. Click a threat on the left (yellow outline = selected). 2. Click the matching defense on the right. Right answers turn green and lock in; wrong answers flash red. Goal: match all 6 to earn the Cyber Defender badge.
Threats / Terms
Defenses / Definitions
Lock it in — quick check
- An email says "URGENT: click here to keep your account active." Verdict? (phishing — urgency + suspicious link)
- HTTPS uses which kind of cryptography? (public-key / asymmetric for the handshake, then symmetric for speed)
- Best single upgrade for account safety? (turn on multi-factor authentication)