The idea that we might ‘think’ passwords instead of typing them sounds like science fiction – but a team of UC Berkeley School of Information researchers has proved that it can work, using existing ‘mind reading’ headsets.

Up to 81% of computer security professionals reuse passwords across multiple applications, violating security best practice

PayPal has warned of a looming security crisis if new top-level domains such as .bank are brought into use later this year.

Most security professionals have enough to deal with thanks to insecure passwords – but AT&T seems to want its users to keep them clean, too. The “password restrictions” page for AT&T users says, “The password can’t contain the words “password”, “admin”, “pa$$w0rd” or other common words. The password can’t contain obscene language.”

Britain’s hi-tech government intelligence agency GCHQ should know better than to send passwords in plain text via email – but has been doing so due to “legacy systems”, it admitted in a statement this week.

Stepping up protection of the Apple ID falters as password reset bug emerges before two-step verification is fully implemented.

Correct identification of an individual using a computer or service is important because it represents the accountability of the person identified. If you know my username on a computer system, you can check on what I do on that system through an audit trail, and I can therefore be held accountable for those actions. However,

Following the examples of Google, Facebook, Yahoo and DropBox, Twitter is reportedly ready to roll out a two factor sign in process for its millions of users. This comes in light of February’s attack when some 250,000 passwords were stolen.

In his summary of New Year predictions by security researchers here at ESET, Stephen Cobb pointed to expanded efforts by malware authors to target the Linux operating system. Looks like that might be right: A blog post published by Sucuri yesterday describes a backdoored version of the SSH daemon discovered on compromised servers. Interestingly, this

According to the Deloitte Technology Trends 2013 report more than 90 per cent of user-generated passwords are weak and vulnerable to hacking, including those considered strong by IT departments.