Almost every significant data breach starts by compromising an end-point device. And the easiest way to do that is to steal some user credentials. It's why the theft of credentials from Yahoo!, Ashley Madison and other large companies are such a big deal. Many people use the same usernames and passwords on multiple sites. But what if your access to a site was governed by something other than a username and password? This is where the YubiKey fits in.

Microsoft has been pushing towards a password-free future for some time. Another step along this road has been taken. The Windows Hello authentication system has been granted FIDO2 certification. What is FIDO2 and why is this important?

I tend to change gadgets a lot more than most people, which means when I visit friends with a laptop or tablet in-tow it’s more than likely not the same laptop or tablet I had the last time I was there.

In case you missed it - May 2 is World Password Day. And while this confected "special day" is a weird thing to celebrate, it's a good time to reflect on whether we are all following good password practises.

Billions of accounts have been compromised. From Yahoo’s multiple breaches to Facebook's Cambridge Analytica scandal and Equifax’s data leakages, no one is safe from malicious hacks. In short, the cyber world is becoming increasingly hostile and its not just big businesses that need to worry.

Every single person using the internet today should use proven password strategies. Take steps to make your personal information safer by following these seven password tips.

In this age of corporate hacks and massive password leaks, having a fresh, unleaked password is just as important as having one that’s hard to crack. To that end, Google just announced and launched a new Chrome extension that helps make sure your passwords haven’t been compromised and are still keeping your accounts safe.

Given that literal billions of usernames and passwords have been breached over recent years it's likely that many of us have some user credentials out there that are in the hands of bad people. To help keep us safer, a number of services have emerged. Today, a new Chrome Extension has been released that checks if the if username and password combinations you tap into a login form have been previously compromised.

Two-factor authentication is designed to keep hackers out of your accounts, but it won't keep you safe if they can intercept your text messages.

For the last seven years, SplashData has revealed its annual list of the most commonly used passwords of the year. This time around, the results reveal that, uh, we still have work to do.

Is your password sunshine, 666666, or monkey? Bad news: if a hacker tries to guess your password, those are some of the very first ones they’ll try. SplashData, makers of the password managers SplashID, TeamsID, and Gpass, just released its annual “worst passwords” list.

The company examined over 5 million leaked passwords, and named the 25 most common passwords. Combined, these passwords are used by 10 per cent of computer users.

Earlier this week, Microsoft announced that they will be pushing forward with its vision for a password-less future. Anyone following the company's moves, and indeed those of a number of other companies, can see that the use of a username/password combination to prove identity has been on shaky ground for some time. The theft of large numbers of user credentials through a number of major breaches over the last five years has almost completely undermined the use of these credentials. But what's next?

The next time you're forced to make a password — especially if a site requires you to use a crazy combination of uppercase and lowercase letters, or a number, or a symbol — don't assume that these attempts at obfuscation automatically mean that your password is incredible and secure.

While Facebook has faced massive scrutiny over the last year when it comes to privacy and security, their other major social network, Instagram, has managed to stay clear of the spotlight. Until now. Over the weekend, it was revealed that a new security flaw could have inadvertently exposed Instagram passwords to public view.

Bad password habits can drive your business' security team crazy. But they also have a major security implication for us personally. Some new data related today highlights what some of the issues are and what we can do about them.

Two-factor authentication is a quick, easy way to add extra security to your accounts (or password managers). For even more security and peace of mind, consider buying a hardware token like the YubiKey or Google Titan.

They’re incredibly easy to set up, and as long as you keep the USB accessory on or near you—on your keyring, for example — you’ll be able to authenticate into supported accounts and services as quickly as typing in a password. And since nobody else will have your hardware authenticator, your accounts will be protected from other attackers.

Even in a world of face unlocking and fingerprint scanning, we still haven't escaped the password just yet. They're still a necessity and they're still annoying to remember. There are now numerous browser features, third-party tools, and even hardware dongles designed to help keep your login credentials safe and secure. Here's how to make sure you're doing passwords right in 2018.

It's often said that the safest password you can have is one you don't know. Which is why so many password management programs create passwords for you that impossible for you to remember. But Microsoft is going a step further. They are enabling password-free access to more services through their Authenticator app.

The latest version of Apple’s iPhone and iPad operating system, iOS 12, is out. It features dozens of new features and improvements; there’s something for everybody.

The password itself is crappy. It’s a fundamentally flawed mechanism for securing our accounts and data that should have died long ago. That means poorly crafted passwords are doubly bad. But with the release of iOS 12 and recent updates to Android, truly terrible passwords—your 123456, facebookpassw0rd, or dEadP3tsnAme—have lost all reason to exist.