🛡️ Module 6

Digital Safety & Responsible Use

⏱ 8 hoursEssential10 topics
🎯 By the end: Students can protect themselves and their data in the digital world.

The internet is a wonderful place — but like any busy place, it has a few people who try to trick others. The good news is that staying safe online is mostly about a handful of simple habits. In this module we go through them calmly, one at a time. You don't need to be a technology expert. By the end you'll know how to make strong passwords, switch on extra protection for your accounts, recognise a scam when you see one, and behave kindly online. Take it slowly, and try each step on your own phone or computer as you read.

1Why online safety matters — real-life examples

When you go online, you carry valuable things with you — your money, your photos, your messages, and your good name. Online safety simply means looking after these things, the same way you lock your front door or keep your purse close in a crowded market.

Most trouble online doesn't come from clever hackers in films. It comes from everyday tricks aimed at ordinary people. Here are a few real situations that happen every day:

  • A text message says "You have won ₹25,00,000 in a lucky draw! Click here to claim." — but there was no lucky draw, and the link steals your details.
  • An email looks like it's from your bank, warning that your account is locked. It asks you to "verify" your password on a fake page.
  • Someone you don't know sends a friendly message, becomes chatty over a few days, then asks to borrow money.
What is a scam? A scam is a dishonest trick designed to take your money or information by pretending to be something it is not.

None of this should frighten you off the internet. Think of these habits like wearing a seatbelt — a small, easy step that quietly protects you. Once they become routine, you'll barely think about them.

The golden rule of online safety: if something feels too good to be true, or it rushes you to act right now, slow down. Genuine people and real companies don't mind you taking your time.
Key points
  • Online safety means protecting your money, accounts, photos and good name.
  • Most online trouble comes from simple everyday tricks, not film-style hackers.
  • If an offer seems too good to be true or rushes you, pause and check before acting.

2Creating strong passwords and managing them

A password is the key to your account. A weak key is easy to copy; a strong key keeps strangers out. The best modern advice is simple: make your password long. Length matters far more than fancy symbols.

The easiest way to make a long password you can actually remember is a passphrase — three or four random words joined together, perhaps with a number or symbol. It's long, but easy for you to recall.

What is a passphrase? A passphrase is a password made from several words, like BlueMango7Tractor!. It's long enough to be safe but simple enough to remember.
Weak passwordWhy it's riskyStrong passphrase
123456The most common password in the world — guessed in seconds.RiverElephant42Sky
passwordThe first thing anyone tries.Quiet-Tiger-Lamp-9
Rahul2000Your name and birth year are easy to find.MangoCloud!Bicycle

Build a strong passphrase

1
Pick three or four random, unrelated words — the sillier, the better (turtle, lamp, mango).
2
Join them together and add a number and a symbol, for example TurtleLamp7Mango!
3
Use a different password for each important account, so one leak can't unlock everything.
Never do this: never use the same password everywhere, never use your name, birthday or phone number, and never share a password by message or email — not even with someone claiming to be from a company.

Can't remember dozens of passwords? That's normal. A password manager is a trustworthy app that remembers them all for you, locked behind one strong master passphrase. It's like a secure keyring for your digital keys.

Key points
  • Length beats complexity — a passphrase of 3–4 random words is strong and memorable.
  • Use a different password for each important account; never reuse one everywhere.
  • A password manager can safely remember all your passwords behind one master key.

3Two-step verification (2FA) — what it is and how to set it up

Even a strong password can sometimes leak. That's why the single best thing you can do for your accounts is switch on two-step verification, often called 2FA.

What is 2FA? Two-step verification (2FA) adds a second check after your password — usually a one-time code sent to your phone or shown in an app. Even if a thief learns your password, they can't get in without that second step.

Think of it like a bank locker that needs both your key and the bank's key. Knowing one is not enough.

There are two common types of second step:

  • A code by SMS — a short number texted to your phone. Easy to use, and far better than nothing.
  • An authenticator app — a free app on your phone (such as Google Authenticator or Microsoft Authenticator) that shows a fresh code every 30 seconds. This is the safer of the two and is recommended.

Turn on 2FA for your email

1
Open your email account's Settings, then look for Security.
2
Find Two-step verification (or "2-Step Verification" / "Two-factor authentication") and choose Turn on.
3
Choose how you'll get codes — an authenticator app is best. Follow the on-screen steps to link it.
4
Save the backup codes it gives you somewhere safe (write them down). They let you in if you ever lose your phone.
Never share your OTP. A one-time password (OTP) or 2FA code is private. No genuine bank, company or official will ever phone or message you asking for it. Anyone who does is trying to break into your account — hang up.
Key points
  • 2FA adds a second check (a one-time code) on top of your password.
  • An authenticator app is safer than SMS codes; save backup codes in case you lose your phone.
  • Never share your OTP or 2FA code — no real company will ever ask you for it.

4Recognising fake websites and phishing emails

Phishing is when a scammer pretends to be someone you trust — your bank, a delivery company, a popular shop — to trick you into giving away passwords, card numbers or money.

What is phishing? Phishing (said "fishing") is a fake message or website designed to "fish" your private information out of you by pretending to be genuine.

A classic example: an email arrives saying "Your account has been locked due to unusual activity. Click here within 24 hours to restore access." The link leads to a fake page that looks just like the real one. Whatever you type there goes straight to the scammer.

Red flags of a phishing message

Warning signWhat it looks like
Urgency & threats"Act now or your account will be closed!" — pressure to make you panic.
Odd sender addressAn email from support@amaz0n-security.co instead of the real company.
Spelling mistakesClumsy grammar and typos a real company wouldn't publish.
Asks for secretsRequests your password, full card number, PIN or OTP.
Strange linksA link that hovers to a web address nothing like the real site.

To check where a link really goes, hover your mouse over it (on a phone, press and hold) and read the web address that appears. If it doesn't match the real company, don't click.

Genuine red flag: a real bank, government office or company will never email or text you a link asking you to "confirm your password" or "verify your card details". When in doubt, ignore the message and visit the official website by typing its address yourself.
Look for the lock, but don't trust it alone. A small padlock and https:// mean the connection is private, but scammers can have those too. Always check the website's full address is exactly right.
Key points
  • Phishing messages pretend to be a trusted company to steal your information.
  • Red flags: urgency, odd sender addresses, spelling mistakes, and requests for passwords or OTPs.
  • When unsure, don't click — go to the official website by typing its address yourself.

5What personal information never to share online

Some details about you are like the keys to your life. Once they're out in public, you can't pull them back. A good habit is to think before you post or type anything: would I shout this across a crowded railway station? If not, keep it private.

Information to keep private

  • Passwords, PINs and OTPs — never, to anyone, ever.
  • Your full bank account number, debit/credit card number, CVV and card PIN.
  • Your home address and exact daily routine, especially on public posts.
  • Your Aadhaar number, PAN, passport number and other ID numbers.
  • Photos of documents like your ID card, ticket or boarding pass.
Why it matters: scammers piece together small details to pretend to be you — this is called identity theft. A birthday here, a pet's name there, an address from a photo... together they can be enough to fool a bank.

Be especially careful with oversharing on social media. Posting "Off to Goa for two weeks!" quietly tells strangers your home is empty. Sharing a photo of your new house keys or a plane ticket can reveal more than you think.

Helpful habit: share holiday photos after you're back home, not while you're away. Your memories are just as good a few days later — and your home stays private.
Watch out: those fun quizzes asking "What was your first pet's name?" or "Which street did you grow up on?" often ask the exact questions banks use to verify you. Don't answer them publicly.
Key points
  • Never share passwords, OTPs, card numbers, PINs or ID numbers online.
  • Oversharing on social media (like holiday plans) can tell strangers your home is empty.
  • Avoid public quizzes that ask security-question answers like your first pet or street name.

6Safe and responsible social media usage

Social media — WhatsApp, Instagram, Facebook, YouTube and the rest — is a lovely way to stay in touch and learn new things. A few sensible settings and habits keep the experience pleasant and safe.

Set up your account safely

1
Open the app's Settings and find Privacy.
2
Set your account to Private if you only want people you know to see your posts.
3
Review who can message you, comment, and see your profile photo or status.
4
Turn on 2FA for the account (you learned how in Topic 3).

Beyond settings, a little judgement goes a long way:

  • Think before you forward. A lot of what spreads on social media is false. If a message claims something shocking, check a trusted news source before sharing it.
  • Be cautious with friend requests from people you don't know. Fake profiles are common.
  • You can block and report. If someone is rude, abusive or pushy, every app has a Block and Report button — use it without guilt.
What is misinformation? Misinformation is false information that spreads, often by well-meaning people forwarding it. Pausing to check before you share helps stop it.
A calming habit: if a post makes you angry or scared, that's exactly when to slow down. Strong emotions are how false news travels fastest. Check first, share later — or not at all.
Key points
  • Use privacy settings and turn on 2FA to control who sees and contacts you.
  • Check before forwarding — much of what spreads on social media is false.
  • Block and report rude or suspicious accounts; be wary of unknown friend requests.

7Understanding antivirus software and keeping it updated

A virus is a harmful program that sneaks onto your computer or phone and causes trouble — slowing it down, stealing information, or locking your files. Antivirus software is a guard that watches for these harmful programs and stops them.

What is malware? Malware is the general word for any harmful software — viruses are one kind. Antivirus software protects against malware in general.

The good news: if you use a modern Windows computer, you already have a capable built-in guard called Windows Security (also known as Microsoft Defender). For most everyday users it works quietly in the background and is enough — you don't need to buy anything extra.

Check your antivirus is on (Windows)

1
Click the Start button and type Windows Security, then open it.
2
Look for Virus & threat protection. A green tick means you're protected.
3
Make sure protection is turned On and that updates are allowed to install automatically.
Keep it fresh. New viruses appear all the time, so antivirus software needs regular updates to recognise them. Letting it update automatically means you're always protected — there's nothing for you to do.
Avoid the trap: if a website suddenly shouts "Your computer is infected! Download this cleaner now!", that pop-up is the trick. Real antivirus software never warns you through random web pop-ups. Close the page and don't download anything.
Key points
  • Antivirus software guards your device against viruses and other harmful programs (malware).
  • Windows has a free built-in guard, Windows Security, that's enough for most users.
  • Pop-ups screaming "your computer is infected!" are scams — close them, don't click.

8Software and operating system updates — why they matter

Every so often your phone or computer asks to update. It's tempting to keep tapping "Later", but those updates are one of the simplest and most important ways to stay safe.

What is an update? An update is an improved version of an app or your device's main software (its operating system, like Windows or Android). Updates fix bugs, add features, and — most importantly — close security gaps that scammers could use.

Think of it like fixing a small crack in your wall before the rains come. Software companies are always finding and patching weak spots. When you update, you get those repairs. When you don't, the weak spots stay open.

Update your computer or phone

1
On Windows: open Settings, choose Windows Update, and click Check for updates.
2
On a phone: open Settings, find Software update (or "System update"), and tap to install.
3
Let your apps update too — turn on automatic updates in your app store so you never have to remember.
Pick a good moment. Updates sometimes restart the device, so install them when you've saved your work — overnight is ideal. Once automatic updates are on, this all happens quietly without you lifting a finger.

That single habit — letting things update — quietly protects you from a huge number of online threats, for free.

Key points
  • Updates fix bugs and close security gaps that scammers try to exploit.
  • Update both your operating system (Windows/Android) and your individual apps.
  • Turn on automatic updates so protection happens quietly without you remembering.

9Cyberbullying — recognising it and what to do

Most people online are kind, but a few are not. Cyberbullying is when someone uses the internet to repeatedly hurt, threaten, embarrass or harass another person. It can happen to anyone, at any age, and it is never the victim's fault.

What is cyberbullying? Cyberbullying is bullying that takes place online — through messages, comments, fake posts, or sharing someone's private photos without permission.

It can look like:

  • Repeated nasty or threatening messages and comments.
  • Spreading rumours or sharing embarrassing photos of someone.
  • Leaving someone out of group chats on purpose to hurt them.
  • Creating fake accounts to pretend to be, or mock, another person.

What to do if it happens

1
Don't reply. Bullies want a reaction. Staying silent removes their fuel.
2
Save the evidence. Take screenshots of the messages before anything is deleted.
3
Block and report the person using the app's built-in buttons.
4
Tell someone you trust — a parent, teacher or friend. You don't have to handle it alone.
If you feel threatened or unsafe, this is serious. In India you can report online abuse at the National Cyber Crime portal (cybercrime.gov.in) or call the helpline 1930. Speak to a trusted adult right away.
And the other way round: if you see someone being bullied online, a kind word of support, or simply reporting the bully, can make a real difference. Be the person who helps.
Key points
  • Cyberbullying is repeated online harassment — and it is never the victim's fault.
  • Don't reply, save screenshots as evidence, then block, report and tell someone you trust.
  • If you feel unsafe, report to cybercrime.gov.in or call the 1930 helpline in India.

10Digital etiquette — behaving respectfully online

Safety isn't only about protecting yourself — it's also about being a good citizen of the internet. Digital etiquette (sometimes called "netiquette") is simply good manners online. The simplest rule of all: treat people online the way you'd treat them face to face.

What is netiquette? Netiquette is short for "internet etiquette" — the everyday courtesy and respect we show others when we're online.

A few habits make you a pleasure to deal with online:

  • Be kind and patient. There's a real person reading your message. A little warmth goes a long way.
  • Don't type in ALL CAPITALS. Online, writing in capitals reads as SHOUTING — it comes across as angry even when you don't mean it.
  • Think before you post. Once something is online, it can be screenshotted and stay forever. Ask: would I be happy for my family to read this?
  • Respect others' privacy. Don't share someone's photos, messages or details without asking.
  • Give credit. If you share someone's work, photo or words, name the person who made it.
  • Disagree politely. It's fine to differ — attack the idea, never the person.
A simple test before you post: is it true, is it kind, and is it necessary? If a message fails any of these, it's usually better left unsent.

You've now reached the end of Module 6. Being safe and respectful online is a skill you'll use every single day. Try the practical task below, then take the short quiz to lock in what you've learned. Well done.

Key points
  • Digital etiquette (netiquette) means treating people online with the same respect as in person.
  • Avoid ALL CAPS (it reads as shouting); think before posting since things online can last forever.
  • Before posting, ask: is it true, is it kind, and is it necessary?

★ Practical Task — Lock down your accounts

Put this module into practice on your own phone or computer. There's nothing to submit — the goal is to make your real accounts safer, today.

  1. Create a strong passphrase using three or four random words plus a number and a symbol.
  2. Change the password on your most important account (usually your email) to that new passphrase.
  3. Turn on two-step verification (2FA) for your email account, choosing an authenticator app if you can.
  4. Save your 2FA backup codes somewhere safe, like written in a notebook.
  5. Open one social media app and set your account to Private in the Privacy settings.
  6. Check your device for updates and let any pending updates install.
  7. Read a sample 'your account is locked' message and list the red flags you can spot.

Ready to test yourself?

Take the short module quiz. Score 60% or more to mark this module complete.

Start the quiz →

💡 Log in to save your progress and earn the certificate.

← Previous
Internet & Email: Browsing the Web
Next →
Cloud Tools & Digital Productivity