Password safety
Use long passphrases, unique per site, with MFA.
Secure habits, big impact
Cyber Hygiene Guide
Practical steps to stay safe online: strong passwords, smart social settings, safer browsing, and malware awareness—plus an interactive quiz and certificate.
Focus: passphrases, MFA, updates, phishing caution, and backups.
Learning path
Complete each step to unlock the final quiz and earn a certificate. Progress is stored locally in your browser.
Step 1: Passwords
Passphrases, manager, MFA.
Step 2: Social
Privacy, sharing, 2FA.
Step 3: Browsing
Updates, links, HTTPS.
Step 4: Malware
Red flags, backups.
Path status
Complete all 4 steps to unlock the quiz and certificate.
Password safety
Use long passphrases, allow all characters, avoid forced resets; add MFA and a password manager to reduce account takeover risk.
Use a long passphrase
Prefer 15+ characters; length beats complexity, spaces allowed for usability.
Block breached passwords
Check against known-compromised lists; never truncate during verification.
Enable MFA (avoid SMS when possible)
Use authenticator apps, hardware keys, or passkeys for stronger protection.
No forced resets
Change after compromise or suspicion; forced cycles weaken choices.
Developer: allow paste, store with slow salted hashing, throttle login attempts.
Safe browsing
Keep systems updated, verify links, and prefer HTTPS on sites handling any sign-in or payments.
Update automatically
Enable auto‑updates for OS, browsers, and extensions.
Verify before clicking
Hover to inspect URLs and check domain spelling; avoid unexpected attachments.
Use HTTPS
Lock icon is not enough—ensure the domain is correct.
Limit extensions
Install from trusted publishers and remove unused ones.
Public Wi‑Fi caution
Avoid sensitive logins on open networks; consider a reputable VPN.
Cloud accounts: least privilege, review tokens, monitor sign-ins.
Malware awareness
Spot common red flags, keep reputable endpoint security, and follow the 3‑2‑1 backup rule to reduce ransomware impact.
Know the red flags
Fake update popups, unexpected installers, macro prompts, cracked software sites.
Protect and limit
Use real-time protection, run daily as non‑admin, allow only needed apps.
Back up with 3‑2‑1
Keep 3 copies on 2 media with 1 off‑site/immutable.
If infected, act fast
Disconnect, note symptoms, scan/quarantine, restore clean backups, rotate credentials.
India: UPI & SIM/eSIM safety
UPI fraud red flags
Never approve collect requests not initiated; don’t scan unknown QR; no agent needs OTP/UPI PIN—if scammed, call 1930 and file at cybercrime.gov.in.
SIM/eSIM swap awareness
Carriers won’t ask OTP to “upgrade eSIM”; sudden loss of network can indicate a swap—contact carrier and bank immediately; prefer app/passkey MFA.
Report fraud
Use helpline 1930 or National Cybercrime Reporting Portal; suspicious calls/SMS/WhatsApp can be reported via Sanchar Saathi Chakshu.
Scenarios: spot the scam
Pick the safest action for each situation and see instant feedback.
Scenario 1: “KYC update” SMS with link
Message claims bank account will be frozen unless KYC is updated via a short link today.
Correct: use official channels; unsolicited KYC links are phishing—report if at risk.
Not safe. Use the official app/site only.
Scenario 2: Random QR to “receive refund”
A seller asks to scan a QR to get a refund instantly.
Correct: refunds don’t require scanning unknown QR or entering PIN.
Not safe. Scanning and entering PIN authorizes a payment out.
Scenario 3: eSIM upgrade call
Caller claims to be from carrier, asks OTP to “complete eSIM upgrade”.
Correct: OTP enables SIM takeover; contact carrier yourself.
Not safe. OTP sharing enables takeover.
Quiz
Complete the learning path to unlock the full 14-question quiz. You'll see immediate feedback and can generate a certificate.
Quiz requires all path steps completed to unlock (unless unlocked by admin).
Social media safety
Tighten privacy, curate followers, think before posting; enable 2FA to protect identity and reputation.