Lesson 10: Protecting Data 2


This lesson is a guided tour of multifactor authentication and software updates that students can use to protect their data. Following these discussions, students are introduced to a stimulus question where they will apply their knowledge gained throughout the unit to answer questions about an innovations data, benefits and harms, effects, and security or privacy concerns.


This lesson serves two purposes. The first is to provide the final pieces of content students need to know in this unit - related to multifactor authentication and virus scanning software. These are tools students can use to protect the data. The second purpose of this lesson is to introduce stimulus questions to students. These types of questions show up on the AP Computer Science Principles exam and involve a series of questions about a fictitious computing innovation.


Lesson Modifications

Warm Up (5 mins)

Activity (35 mins)

Wrap Up (5 mins)

View on Code Studio


Students will be able to:

  • Explain the benefits of multifactor authentication
  • Discuss the benefits of computer virus scanning software and the need for regular updates
  • Thoughtfully answer a stimulus question


  • Preview the slides
  • Read through the stimulus question


Heads Up! Please make a copy of any documents you plan to share with students.

For the Teachers


Report a Bug

Teaching Guide

Lesson Modifications

Attention, teachers! Coming soon. Check back for these materials September 4th.

Warm Up (5 mins)


In the previous lesson we discussed how your data is protected through encryption. Today we are going to focus on what you can personally do to keep your data protected.

Discussion Goal

Students should discuss good password management, building off of their knowledge from earlier in the unit. The following slide contains best practices, but your students may have some more concrete suggestions for how they craft complex but memorable passwords.

Prompt: What strategies do you use when creating a good password?

  • Note: Make sure students don't reveal any of their current passwords in the discussion!


A good password is easy to remember, but hard for someone else to guess based on knowledge they have about you.

If your password is your dog's name and your birthdate, that's all personal information that someone else might be able to guess!

Activity (35 mins)

Protecting Data (15 mins)

Display: Use the activity slides for this lesson to guide the discussion on Protecting Data

Slides                     Speaker Notes
Say: There are things you can do to protect your data. The first one we are going to talk about is multifactor authentication.
Say: When we discussed passwords in the Warm Up, this was an example of single factor authentication. There is one layer of protection, that is centered around something you know: your password.

Click through animation
Say: Two factor authentication adds another layer.

Prompt What do you think is another way of protecting your data?

Click through animation

Say: In addition to something you know, another layer is something you possess like a phone. Have you ever been required to put a phone number in when getting a password authenticated? Sometimes a text will be sent to your phone with a code to enter in, proving that you are the person who has the phone. This layer means someone who just guesses your password can't get in to your account - they would also need access to your phone.
Prompt: What are the problems with this system? How could it be hacked?

Goal: Guide the discussion towards the answer that a phone could be stolen or a sim card lost.
Prompt: There's another layer that can be used to protect your data. Can anyone guess what it is?

Click through animation

Say: If you guessed something physical or perhaps "biometrics", you are correct!

Click through animation

A fingerprint is an example of this. A retina scan of your eye is another example. These three options: something you know, something you possess, and something you are make up multifactor authentication, which involves at least two of these options and preferably all three. If someone tried to access your account, they would be required to know your password, have access to your phone and your fingerprint!
Prompt: Why is this better than Single Factor Authentication? What are the challenges with the system? Is it worth any of the risks?

Note: Allow students time to think through these prompts, perhaps in small groups before having a whole class discussion. Multifactor authentication can keep data more protected than single factor authentication, but it requires extra steps which add time and often money (the cost of a phone, etc.). There are also privacy concerns with having your fingerprints or retina scanned.
Say: Another way to protect your data involves updating your software.
Say: Let's review. What is a virus?

Note: Give students an opportunity to glance through the notes and review computer viruses from lesson 7.
Say: Do you remember how to protect your device from a computer virus?

Note: Allow students to suggest different forms of protection before clicking through the animation.

Click through animation

Say: Two things you can do: use virus scanning software and update system software. You could also say, keep all software updated!
Say: Data protection is a moving target. It's not a one and done process. It's not enough to install virus protection software and never thing about it again! New viruses and threats are constantly being developed - you need to keep your software up to date and use the best authentication practices you can in order to keep your data safe!
Video: Play the video to review the concepts.

Single-Select Questions with Reading Passage (SSQRP) (20 mins)


Now we are going to shift gears and discuss Single-Select Questions with Reading Passage or SSQRP. What is SSQRP?

Over the course of this unit you've learned a lot about computing innovations. SSQRP is designed to assess how well you understand the various issues surrounding computing innovations. The good news is, you aren't expected to have any prior knowledge about the computing innovations discussed in these questions - they are all made up. You will have a short reading passage followed by five multiple choice quesions that focus on data, purpose and effect, benefits and harms, and security concerns. SSQRP is present on the AP CSP exam, and there will be two in the end of unit assessment.

Distribute: hand out the SSQRP resource.

Do This: Direct students to take a few minutes to read the information about the computing innovation. They do not need to memorize anything - they can look back at the paper at any time while answering the questions.

Do This: Read through the slide as a class. This slide introduces the two categories from which questions will be pulled. These questions will be similar to the ones on the slide - but relevant to the computing innovation being discussed. Students should not answer these questions yet - this is just a preview of the types of questions they can be asked.

Sample Questions: Go through the next five slides one a time, allowing students time to think through the question, discuss with a partner and vote on the answer as a class. Don't forget to click through the animation to see the answer!


And that's SSQRP! Hopefully you saw through this example the steps of reasoning through the answers and applying your knowledge of the issues related to computing innovations.

Wrap Up (5 mins)


In the first half of class, we discussed protecting data. Let's review that.

Discussion Goal

If students are struggling with answering this question, prompt them with more specific questions:

  • How will you decide on your next password?
  • Will you use two-factor or multifactor authentication when you have the opportunity?
  • How often do you update your software?
  • How up to date is the software on your devices?

Prompt: Discuss with a partner how you plan to protect your data.

Journal: Students add to their journals the definitions for: multifactor authentication and computer virus scanning software.

Assessment: Check For Understanding

Check For Understanding Question(s) and solutions can be found in each lesson on Code Studio. These questions can be used for an exit ticket.

Question: Reflection: What concerns do you have about multifactor authentication? Is it a good long term solution for data privacy?

Standards Alignment

View full course alignment

CSTA K-12 Computer Science Standards (2017)

NI - Networks & the Internet
  • 3A-NI-06 - Recommend security measures to address various scenarios based on factors such as efficiency, feasibility, and ethical impacts.
  • 3A-NI-07 - Compare various security measures, considering tradeoffs between the usability and security of a computer system.
  • 3B-NI-04 - Compare ways software developers protect devices and information from unauthorized access.


IOC-2 - The use of computing innovations may involve risks to your personal safety and identity
IOC-2.B - Explain how computing resources can be protected and can be misused.
  • IOC-2.B.1 - Authentication measures protect devices and information from unauthorized access. Examples of authentication measures include strong passwords and multifactor authentication.
  • IOC-2.B.10 - All real-world systems have errors or design flaws that can be exploited to compromise them. Regular software updates help fix errors that could compromise a computing system.
  • IOC-2.B.11 - Users can control the permissions programs have for collecting user information. Users should review the permission settings of programs to protect their privacy.
  • IOC-2.B.2 - A strong password is something that is easy for a user to remember but would be difficult for someone else to guess based on knowledge of that user.
  • IOC-2.B.3 - Multifactor authentication is a method of computer access control in which a user is only granted access after successfully presenting several separate pieces of evidence to an authentication mechanism, typically in at least two of the following categorie
  • IOC-2.B.4 - Multifactor authentication requires at least two steps to unlock protected information; each step adds a new layer of security that must be broken to gain unauthorized access.