Is your password sunshine, 666666, or monkey? Bad news: if a hacker tries to guess your password, those are some of the very first ones they’ll try. SplashData, makers of the password managers SplashID, TeamsID, and Gpass, just released its annual “worst passwords” list.

The company examined over 5 million leaked passwords, and named the 25 most common passwords. Combined, these passwords are used by 10 per cent of computer users.

Earlier this week, Microsoft announced that they will be pushing forward with its vision for a password-less future. Anyone following the company's moves, and indeed those of a number of other companies, can see that the use of a username/password combination to prove identity has been on shaky ground for some time. The theft of large numbers of user credentials through a number of major breaches over the last five years has almost completely undermined the use of these credentials. But what's next?

The next time you're forced to make a password — especially if a site requires you to use a crazy combination of uppercase and lowercase letters, or a number, or a symbol — don't assume that these attempts at obfuscation automatically mean that your password is incredible and secure.

While Facebook has faced massive scrutiny over the last year when it comes to privacy and security, their other major social network, Instagram, has managed to stay clear of the spotlight. Until now. Over the weekend, it was revealed that a new security flaw could have inadvertently exposed Instagram passwords to public view.

Bad password habits can drive your business' security team crazy. But they also have a major security implication for us personally. Some new data related today highlights what some of the issues are and what we can do about them.

Two-factor authentication is a quick, easy way to add extra security to your accounts (or password managers). For even more security and peace of mind, consider buying a hardware token like the YubiKey or Google Titan.

They’re incredibly easy to set up, and as long as you keep the USB accessory on or near you—on your keyring, for example — you’ll be able to authenticate into supported accounts and services as quickly as typing in a password. And since nobody else will have your hardware authenticator, your accounts will be protected from other attackers.

Even in a world of face unlocking and fingerprint scanning, we still haven't escaped the password just yet. They're still a necessity and they're still annoying to remember. There are now numerous browser features, third-party tools, and even hardware dongles designed to help keep your login credentials safe and secure. Here's how to make sure you're doing passwords right in 2018.

It's often said that the safest password you can have is one you don't know. Which is why so many password management programs create passwords for you that impossible for you to remember. But Microsoft is going a step further. They are enabling password-free access to more services through their Authenticator app.

The latest version of Apple’s iPhone and iPad operating system, iOS 12, is out. It features dozens of new features and improvements; there’s something for everybody.

The password itself is crappy. It’s a fundamentally flawed mechanism for securing our accounts and data that should have died long ago. That means poorly crafted passwords are doubly bad. But with the release of iOS 12 and recent updates to Android, truly terrible passwords—your 123456, facebookpassw0rd, or dEadP3tsnAme—have lost all reason to exist.

There are a lot of fun new tricks in iOS 12. And if you’re big on security — who isn’t! — you’re going to love all the little password-themed features that Apple has dropped into its latest mobile operating system.

Chrome just celebrated its 10th birthday earlier this month, and even though it isn’t quite the super fast and lightweight web browser that made people fall in love with it a decade ago, Google hasn’t stopped trying to cram new features into Chrome.

To mark the 10th anniversary of its Chrome browser, Google is rolling out a substantial refresh of the browser, giving it a softer, rounder look and some neat new features. Most of the changes in Chrome version 69 are small quality-of-life tweaks, some of which are so subtle you might not even notice as part of Chrome’s new design.

Though they may not be life-changing, here are a few things worth checking out in the new Chrome experience.

Do you have any idea whether you’re “safe” online? Online security and privacy are complicated, and risks vary by person: You might worry about getting harassed, hacked, or your boss finding your terrible old blog posts and using them as an excuse to fire you. Crash Override’s Automated Cybersecurity Helper helps you secure your accounts according to your needs, and it guides you one step at a time so you don’t get overwhelmed.

iOS: There are plenty of incredible password managers out there — 1Password and LastPass come to mind — but Mozilla has password-management aspirations of its own. The company just released two new new mobile apps as part of its Test Pilot program and one, Firefox Lockbox, is a pretty convenient way to pull up your passwords on your iPhone and iPad.

Mac: It's been a few years since we've seen AgileBits release a major update to its killer password management app, 1Password, which is why everyone's so excited about last week's debut of 1Password 7. This app should pretty much be a household name at this point, as it's one of the major password managers we recommend to create and store super-secure passwords and passphrases.

At this point, it seems as though there's a new data breach every week where users usernames, passwords and other personal information has been exposed to hackers. Keeping track of them all can be quite the undertaking.

Netgear has warned customers that they have seen "suspicious activity" on user accounts associated with their Arlo security cameras. The company is very clear in saying they don't believe their systems have been breached. Rather, investigations suggest attackers may be using credentials obtained from other breaches and using those to attempt to gain unauthorised access to Arlo accounts. This is an object lesson in why you should use a unique password for every account and, preferably, use two-factor authentication on everything.

This week, password manager Dashlane analysed ten years' worth of passwords from public data breaches. The big lesson is, don't reuse passwords. Not even a little, not even with a "formula". Password formulas are easy to hack. And even your bullshit accounts deserve strong, unique passwords.