Almost every significant data breach starts by compromising an end-point device. And the easiest way to do that is to steal some user credentials. It's why the theft of credentials from Yahoo!, Ashley Madison and other large companies are such a big deal. Many people use the same usernames and passwords on multiple sites. But what if your access to a site was governed by something other than a username and password? This is where the YubiKey fits in.

In case you missed it - May 2 is World Password Day. And while this confected "special day" is a weird thing to celebrate, it's a good time to reflect on whether we are all following good password practises.

Earlier this week, Microsoft announced that they will be pushing forward with its vision for a password-less future. Anyone following the company's moves, and indeed those of a number of other companies, can see that the use of a username/password combination to prove identity has been on shaky ground for some time. The theft of large numbers of user credentials through a number of major breaches over the last five years has almost completely undermined the use of these credentials. But what's next?

While Facebook has faced massive scrutiny over the last year when it comes to privacy and security, their other major social network, Instagram, has managed to stay clear of the spotlight. Until now. Over the weekend, it was revealed that a new security flaw could have inadvertently exposed Instagram passwords to public view.

Just last week, Instagram confirmed reports that it's working on modifications to its two-factor authentication setup that will allow you to create passcodes in your favourite security app - like Google Authenticator, for example. While this isn't the sexiest of news, it's great to see this security practice growing in popularity: using an app, rather than a text message, to authenticate into other apps and services.

Until now, in order to use two-factor authentication (2FA) with your Facebook account you needed to give Facebook your phone number. Which seemed a little dumb as, in order to improve your privacy, you needed to give the largest data collection service in the world more data. But that's changed with a new 2FA system coming into play that lets you use third party authenticators.

Facebook recently added two-factor authentication (2FA) to their network, plugging a long-standing security issue. The new system works using several different options for the second authentication factor including a security code sent to you via SMS. But it turns out people got a lot more messages than they bargained for when they took this option. As a result, users started getting notifications over SMS that had nothing to do with security.

If you get a text from Facebook, then you probably don't want to respond -- even if your response is something along the lines of "Stop texting me."

A long, long time ago, having a good password was all you needed to make sure your Gmail (or other online) account was secure. Now, if you don't have two-factor authentication, or 2FA, then you're missing out on a really simple way to protect yourself. Why, then, do less than 10 per cent of Gmail users have 2FA enabled? Great question.

Dropbox has jumped on the two-factor authentication (2FA) bandwagon with changes to their mobile app. Now, when an attempt is made to log into your Dropbox account, a notification is sent to your mobile device where you can tap a button to authenticate your identity. There's no code to enter.

One of the primary vehicles used by bad guys to access our systems is stealing log-in credentials in order to impersonate real users. All the security processes and tools in the world are circumvented when someone has your username and password. That's where two-factor authentication (2FA) comes into play. 2FA works by adding another authentication challenge to the equation. It's not just about what you know - your password, it's also about something you have. That's where the authenticator apps from Microsoft and Google come into play.