Question 1 |
pa$$w0rd1965 Hint: Whoops! pa$$w0rd1965 is better than “password”, but not by much. Some variation of “pa$$w0rd” in combination with a birth year has doubtless been used many times before—and hackers know this. A computer can run through all the possibilities in a matter of seconds, making a password like this one easy to hack. | |
yesterdayallmytroublesseemedsofaraway Hint: Good guess, but not quite right. John, Paul, George and Ringo are household names, which is why this passphrase, although long, is not particularly secure. Computers are powerful enough to try millions of common phrases and well-known song lyrics in the blink of an eye—and as bands go, it doesn’t get much more well-known than the Fab Four. A good rule of thumb is that if you can search for and find a particular string of words in a search engine, it’s better to use something else as your passphrase. | |
123456 Hint: Oh no! This one isn’t very strong at all. Common, simple, and trivially easy for a computer to crack. | |
MarkandRuth2002 | |
None of the above Hint: Correct! All the other choices have problems. Your passwords should not rely on publicly available strings of words like famous song lyrics or common variants on the word “password” (e.g. pa$$w0rd), nor should they use common personal details like the account owner’s name in conjunction with birth or anniversary years. The best passwords and passphrases are long, contain a mix of uppercase and lowercase letters, and include numbers and special characters. Worried about remembering it all? Don’t try! Get a reputable password manager like Dashlane, iCloud Keychain, or 1Password. |
Question 2 |
True Hint: Not true! There is a way to check for yourself. Click on the correct answer to find out how. | |
False Hint: Correct! Websites like haveibeenpwned.com or tools like Google Chrome’s Password Checkup extension allow you to check your accounts to see if they've been part of a known data breach. |
Question 3 |
True Hint: Correct! Re-using passwords is never recommended, and when it comes to password security, there’s no such thing as an “unimportant account”. This is because even small or relatively obscure websites can be hacked—and criminals trade and sell lists of passwords and usernames on the dark web, allowing other malicious actors to try out these credentials on larger sites. | |
False Hint: Oh no! You’re not reusing passwords, are you? Click on the correct answer to learn why this is a bad idea... |
Question 4 |
Government and law enforcement agencies Hint: The CIA can see you. But it’s not just them… | |
Your network administrator, Internet service provider (ISP), and VPN provider Hint: Anyone who controls network traffic can see your activity, even if you’re Incognito. But they’re not the only ones... | |
Hackers who have intercepted network traffic Hint: Sure, but it’s not only the bad guys. | |
A and B only Hint: Almost. But it’s worse than you think. | |
A, B, and C Hint: Correct! Anyone who controls or routes network traffic will be able to see your activity when you’re in Private Browsing mode. This includes network admins, ISPs and VPNs. Similarly, those with the tools and know-how to intercept and monitor traffic can see what you’re doing as well. This means legitimate law-enforcement personnel, intelligence agencies foreign and domestic, and outright cybercriminals. |
Question 5 |
Phishing Hint: Phishing attacks are definitely something to watch out for, but your backups won’t help you if you send your bank account login details to an attacker. | |
Trojan Horse Hint: Trojan Horse malware, as the name implies, disguises itself as something harmless so that you download it onto your system. Definitely tricky, but having backups won’t protect you from these in all cases. | |
Ransomware Hint: Correct! This type of malware works by encrypting your files or locking you out of your system until you pay a ransom to the attackers. If you have backups of your files or systems, though, you won’t be at the mercy of cybercriminals. Be aware that some ransomware is designed to remain dormant on a system for a while before activating, giving it time to infect backup files as well. Very sneaky. So make sure your backup solution includes some kind of malware detection to warn you if there seems to be malicious software in the files you’re backing up. | |
Man-in-the-middle (MITM) attacks Hint: MITM attacks refer to hackers positioning themselves “in the middle” of two parties who are communicating with one another (or who think they’re communicating with one another). The hacker will then relay or alter the messages sent between those parties for malicious purposes. The best defenses against MITM attacks are strong endpoint authentication protocols and well-secured networks. |
Question 6 |
If I’m using an iPhone with Face ID, my phone can't be unlocked if I’m asleep.
True Hint: Usually true, but not always. Click on the correct answer to make sure your iPhone is working as intended. | |
False Hint: Correct! While Face ID is designed to work this way, it only functions as intended when a device’s “Require Attention” feature is enabled. Require Attention is used to prevent accidental unlocks and to keep Face ID from being used to unlock a sleeping person’s phone. However, some users disable this feature in a bid to make their iPhone open faster—which means their device can now be unlocked with their sleeping face. So if you’re using an iPhone with Face ID, be sure that Require Attention is enabled. You can find it under Settings > General > Accessibility. |
Question 7 |
Which of the following is not a typical sign of a phishing email?
The email was unsolicited and asks you to confirm password information or sensitive account details Hint: This is generally a bad sign. Legitimate emails from banks or service providers will almost never ask for this kind of information. And no, the IRS or Apple will never call you on the phone to resolve an account issue. | |
The email address of the sender uses subdomains or extra characters Hint: This is a common trick used by malicious actors to make an email address seem like it comes from a legitimate organization, even though it’s anything but legit. Be on the lookout for addresses like payments@netflix123.com or refunds@irs.gov.cc. | |
The email was unsolicited and contains a clickable “unsubscribe” link at the bottom Hint: Correct! While a phishing email might try to make use of an unsubscribe link to redirect you to a malicious website, these links are required by most mass mailing services (and in some places, by law) and will be found in almost all corporate email communications. In and of themselves, they’re nothing to worry about. | |
Hovering the mouse pointer over a URL link that you’re asked to click on reveals a different destination address. Hint: This is generally an excellent sign that an email is a phishing attack. If the link that you’re supposed to click reads “www.uber.com/accounts/new/rewards” but holding your mouse over this text indicates that you’ll instead be taken to “www.uber.fakewebsite.com/accounts/new/rewards”, don’t click! | |
The email was unsolicited and contains an attachment of some kind Hint: Another very common tactic that phishing emails use is to attach a malicious payload in the form of an attachment, often disguised as something innocent like a PDF or Word document. Never download something that you’re not sure about. Always use antivirus software to scan attachments before opening them. |
Question 8 |
Using hotel or airport Wi-Fi is reasonably safe if I’m using a VPN
True Hint: Correct! While you should never connect to a completely unprotected public Wi-Fi network, and while even password-protected public networks may be compromised or poorly secured, a reputable VPN is a good way to make use of free Wi-Fi without sacrificing your security and privacy. VPNs add a layer of encryption to outbound and inbound data, allowing you to send and receive information securely. | |
False Hint: You’re more paranoid than we are! Public Wi-Fi can be sketchy, but using a VPN on a public network is generally considered secure. You might want to avoid those USB jacks in the airport lounge, though—no telling who installed them. |