Why SSL? The Purpose of using SSL Certificates

SSL is the backbone of our secure Internet and it protects your sensitive information as it travels across the world's computer networks. SSL is essential for protecting your website, even if it doesn't handle sensitive information like credit cards. It provides privacy, critical security and data integrity for both your websites and your users' personal information. SSL Encrypts Sensitive Information The primary reason why SSL is used is to keep sensitive information sent across the Internet encrypted so that only the intended recipient can understand it. This is important because the information you send on the Internet is passed from computer to computer to get to the destination server. Any computer in between you and the server can see your credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted with an SSL certificate. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to. This protects it from hackers and identity thieves. SSL Provides Authentication In addition to encryption, a proper SSL certificate also provides authentication. This means you can be sure that you are sending information to the right server and not to an imposter trying to steal your information. Why is this important? The nature of the Internet means that your customers will often be sending information through several computers. Any of these computers could pretend to be your website and trick your users into sending them personal information. It is only possible to avoid this by using a proper Public Key Infrastructure (PKI), and getting an SSL Certificate from a trusted SSL provider. Why are SSL providers important? Trusted SSL providers will only issue an SSL certificate to a verified company that has gone through several identity checks. Certain types of SSL certificates, like EV SSL Certificates, require more validation than others. How do you know if an SSL provider is trusted? You can use our SSL Wizard to compare SSL providers that are included in most web browsers. Web browser manufactures verify that SSL providers are following specific practices and have been audited by a third-party using a standard such as WebTrust. SSL Provides Trust Web browsers give visual cues, such as a lock icon or a green bar, to make sure visitors know when their connection is secured. This means that they will trust your website more when they see these cues and will be more likely to buy from you. SSL providers will also give you a trust seal that instills more trust in your customers. HTTPS also protects against phishing attacks. A phishing email is an email sent by a criminal who tries to impersonate your website. The email usually includes a link to their own website or uses a man-in-the-middle attack to use your own domain name. Because it is very difficult for these criminals to receive a proper SSL certificate, they won’t be able to perfectly impersonate your site. This means that your users will be far less likely to fall for a phishing attack because they will be looking for the trust indicators in their browser, such as a green address bar, and they won’t see it. SSL is required for PCI Compliance In order to accept credit card information on your website, you must pass certain audits that show that you are complying with the Payment Card Industry (PCI) standards. One of the requirements is properly using an SSL Certificate. Disadvantages of SSL With so many advantages, why would anyone not use SSL? Are there any disadvantages to using SSL certificates? Cost is an obvious disadvantage. SSL providers need to set up a trusted infrastructure and validate your identity so there is a cost involved. This has been alleviated by increased competition in the industry and the introduction of providers like Let's Encrypt. Performance is another disadvantage to SSL. Because the information that you send has to be encrypted by the server, it takes more server resources than if the information weren’t encrypted. The performance difference is only noticeable for web sites with very large numbers of visitors and can be minimized with special hardware in such cases. Overall, the disadvantages of using SSL are few and the advantages far outweigh them. It is critical that you properly use SSL on all websites. Proper use of SSL certificates will help protect your customers, help protect you, and help you to gain your customers trust and sell more.

What is SSL? SSL Certificate Basics

Overview What is SSL? SSL stands for Secure Sockets Layer, an encryption technology that was originally created by Netscape in the 1990s. SSL creates an encrypted connection between your web server and your visitors' web browser allowing for private information to be transmitted without the problems of eavesdropping, data tampering, and message forgery. To enable SSL on a website, you will need to get an SSL Certificate that identifies you and install it on your web server. When a web browser is using an SSL certificate it usually displays a padlock icon but it may also display a green address bar. Once you have installed an SSL Certificate, you can access a site securely by changing the URL from http:// to https://. If SSL is properly deployed, the information transmitted between the web browser and the web server (whether it is contact or credit card information), is encrypted and only seen by the organization that owns the website. Millions of online businesses use SSL certificates to secure their websites and allow their customers to place trust in them. In order to use the SSL protocol, a web server requires the use of an SSL certificate. SSL certificates are provided by Certificate Authorities (CAs). SSL vs. TLS SSL and TLS generally mean the same thing. TLS 1.0 was created by RFC 2246 in January 1999 as the next version of SSL 3.0. Most people are familiar with the term SSL so that is usually the term that is used when the system is using the newer TLS protocol. Why do I need SSL? SSL helps prevent attackers or intrusive companies such as ISPs from tampering with the data sent between your websites and your users’ browsers. It is critical for protecting sensitive information such as a credit card numbers but it also protects your site from malware and prevents others from injecting advertisements into your resources. Read our why SSL is necessary page to learn more. What is a certificate authority (CA)? A certificate authority is an entity which issues digital certificates to organizations or people after validating them. Certification authorities have to keep detailed records of what has been issued and the information used to issue it, and are audited regularly to make sure that they are following defined procedures. Every certification authority provides a Certification Practice Statement (CPS) that defines the procedures that will be used to verify applications. There are many commercial CAs that charge for their services (VeriSign). Institutions and governments may have their own CAs, and there are also free Certificate Authorities. Every certificate authority has different products, prices, SSL certificate features, and levels of customer satisfaction. Learn more about choosing a certificate provider or read our SSL Certificate reviews to find the best provider to purchase from. What is browser compatibility? The certificate that you purchase to secure your web site must be digitally signed by another certificate that is already in the trusted store of your user's web browser. By doing this, the web browser will automatically trust your certificate because it is issued by someone that it already trusts. If it isn't signed by a trusted root certificate, or if links in the certificate chain are missing, then the web browser will give a warning message that the web site may not be trusted. So browser compatibility means that the certificate you buy is signed by a root certificate that is already trusted by most web browsers that your customers may be using. Unless otherwise noted, the certificates from all major certificate providers listed on SSL Shopper are compatible with 99% of all browsers. For more details about a specific certificate provider, see SSL Certificate Compatibility. How many domain names can I secure? Most SSL server certificates will only secure a single domain name or sub-domain. For example, a certificate could secure www.yourdomain.com or mail.yourdomain.com but not both. The certificate will still work on a different domain name but the web browser will give an error anytime it sees that the address in the address bar doesn't match the domain name (called a common name) in the certificate. If you need to secure multiple sub-domains on a single domain name, you can buy a wildcard certificate. For a wildcard certificate, a common name of *.yourdomain.com would secure www.yourdomain.com, mail.yourdomain.com, secure.yourdomain.com, etc... There are also special certificates such as Unified Communications (UC) certificates that can secure several different domain names in one certificate. What is a trust seal? A trust seal is a logo that you can display on your web site that verifies that you have been validated by a particular certificate provider and are using their SSL certificate to secure your site. It can be displayed on secure and non-secure pages and is most appropriate on pages where customers are about to enter their personal information such as a shopping cart page but they can be displayed on every page to help build trust. Every certificate authority's trust seal is different and some look more professional so you should consider what the seal looks like in order to maximize customer trust. To learn more about trust seals read Gain Trust Online Using Trust Seals.

Get a Security Suite for All-Around Protection

It's true that a good antivirus utility can protect your PC against Trojans, ransomware, adware, spyware, and every sort of malware, but why stop there? A full-blown security suite adds firewall protection, both fending off outside attack and monitoring network access by your programs. For those who need it, getting spam filtering as part of a suite can be beneficial. Likewise, parents will appreciate not having to spring for a separate parental control utility. And when these and other features integrate smoothly into a single suite, they have a lot less performance impact than a rowdy collection of separate security tools. If you only have antivirus, or if you have no security protection at all, read on; you'll learn how to choose the right suite. The top security vendors offer security suites that integrate a variety of features. Some stick to the basics, while others pile on tons of useful extras. Just read through PCMag's reviews of security suites and select one that has the features you need. I've reviewed 45 security suites and identified a collection of the best ones, of all types from simple entry-level suites to cross-platform multi-device extravaganzas. This article briefly mentions the many tests we use to evaluate security suites and determine which ones are best. If you want more details on the torture tests we perform on every product we review, please read the full explanation of how we test security software. Basic and Advanced Security Suites Most security vendors offer at least three levels of security products, a standalone antivirus utility, an entry-level security suite, and an advanced suite with additional features. Most entry-level suites include antivirus, firewall, antispam, parental control, and some sort of additional privacy protection such as protection against phishing sites, those frauds that try to steal your passwords. The advanced "mega-suite" typically adds a backup component and some form of system tune-up utility, and some also add password managers and other security extras. When a new product line comes out, I start by reviewing the antivirus. In my review of the entry-level suite, I summarize results from the antivirus review and dig deeper into the suite-specific features. And for a mega-suite review, I focus on the advanced features, referring back to the entry-level suite review for features shared by both. Your choice of a basic or advanced security suite depends entirely on what features matter to you. Symantec is an exception to this pattern. Previously the company offered various antivirus and suite products for PC, Mac, and Mobile. All the standalone Norton products you may remember were retired a couple years ago, rolled into Symantec Norton Security. However, Symantec recently brought back a standalone antivirus product, Norton AntiVirus Basic. One more thing: The suites we've rounded up here are aimed at protecting consumers, for the most part. You can definitely use any of them in a small business, but as your company grows you may need to switch to a SaaS endpoint protection system. This type of service lets an administrator monitor and manage security for all your company's computers. Fighting Malware, Adware, and Spyware Antivirus is the heart of a security suite; without an antivirus component, there's no suite. Naturally you want a suite whose antivirus is effective. When evaluating an antivirus, I look for high marks from the independent antivirus testing labs. The fact that the labs consider a product important enough to test is a vote of confidence in itself. The very best antivirus products get high ratings from many labs. I also perform my own hands-on testing. For one test I use a relatively static set of malware samples that's replaced once per year. I note how the antivirus reacts when I try to launch those samples and score it on how well it protects the test system. For another, I try to download very new malicious files from URLs no more than a few days old. Lab test results, my own test results, and other aspects like ease of use go into my antivirus rating. Firewall Choices A typical personal firewall offers protection in two main areas. On the one hand, it monitors all network traffic to prevent inappropriate access from outside the network. On the other, it keeps a watchful eye on running applications to make sure they don't misuse your network connection. The built-in Windows Firewall handles monitoring traffic, but doesn't include program control. A few security suites skip the firewall component, figuring that Windows Firewall already does the most essential firewall tasks. The last thing you want is a firewall that bombards you with incomprehensible queries about online activity. Should OhSnap32.exe be allowed to connect with 111.222.3.4 on port 8080? Allow or Block? Once, or always? Modern firewalls cut down the need for these queries by automatically configuring permissions for known programs. The very best ones also handle unknown programs by monitoring them closely for signs of improper network activity and other suspicious behaviors. Squelch Some Spam These days, most of us hardly ever see spam messages in our inboxes because your email provider filters them out. If you don't get this service from your provider, it can be hard to even find your valid mail amid all the offers of male enhancements, Russian brides, and quick-money schemes. If your provider doesn't squelch spam, it's smart to choose a suite that has spam filtering built in. Look for one that integrates with your email client. Client integration lets it divert spam into its own folder, and sometimes let you train the spam filter by flagging any spam messages that get through or, worse, valid messages that wound up in the spam pile. Get Early Access to Top Brand Name Tech up to 50% off Join the PCMag Tech Deals list delivered straight to your inbox Unlock the deals now Phishing and Privacy Protection The best antivirus in the world can't help you if a fraudulent website tricks you into giving away your security credentials. Phishing sites masquerade as bank sites, auction sites, even online game sites. When you enter your username and password, though, your account is instantly compromised. Some clever ones will even pass along your credentials to the real site, to avoid raising suspicions. Steering users away from phishing sites definitely helps protect privacy, but that's not the only way suites can keep your private information out of the wrong hands. Some offer specific protection for user-defined sensitive data, credit cards, bank accounts, that sort of thing. Any attempt to transmit sensitive data from your computer sets of an alarm. Some contract with third-party vendors to offer credit protection. And some supply a hardened browser that lets you do online banking in an environment isolated from other processes. What About Parental Control? I don't penalize a suite for omitting parental control. Not everyone has kids, and not every parent feels comfortable about controlling and monitoring their children's computer use. However, if parental control is present, it has to work. Blocking inappropriate websites and controlling how much time the child spends on the Internet (or on the computer) are the core components of a parental control system. Some suites add advanced features like instant message monitoring, limiting games based on ESRB ratings, and tracking the child's social networking activity. Others can't even manage the basics successfully. Don't Bog Me Down One big reason to use a security suite rather than a collection of individual utilities is that the integrated suite can do its tasks using fewer processes and a smaller chunk of your system's resources. Or at least, that's what ought to happen. Few modern suites have an appreciable effect on performance. For a hands-on measure of just what effect installing a particular suite has, I time three common system actions with and without the suite installed, averaging many runs of each test. One test measures system boot time, another moves and copies a large collection of files between drives, and a third zips and unzips that same file collection repeatedly. Suites with the very lightest touch have almost no effect on the time required. Backup and Tune-Up Utilities In a sense, having a backup of all your files is the ultimate security. Even if ransomware destroys your data, you can still restore from backup. Some vendors reserve backup for their mega-suite offering, while others include it in the entry-level suite. Read my reviews carefully, as backup capabilities vary wildly. At the low end, some vendors give you nothing you couldn't get for free from Mozy, IDrive, or another online backup service. At the high end you might get 25GB of online storage hosted by the vendor, along with the ability to make local backups. Tuning up your system performance has no direct connection with security, unless it serves to counteract the security suite's performance drag. However, tune-up components often include privacy-related features such as clearing traces of browsing history, wiping out temporary files, and deleting lists of recently used documents. For a dedicated system-cleaning app, read our roundup of the Best Tune-Up Utilities. What's Not Here? I've evaluated 45 security suites, including entry-level suites, feature-packed mega-suites, and suites that extend protection across multiple different platforms. The products listed in the chart at the top of this article have all received at least four stars; those with 3.5 or fewer stars don't appear. In some cases, two products from the same vendor appear in the chart. For example, Bitdefender Internet Security is an Editors' Choice for entry-level suite, and Bitdefender Total Security earned the same honor as a security mega-suite. There are a couple of four-star suites that just didn't make the cut for the chart, given that there are other, very similar products from the same company already in it. Webroot SecureAnywhere Internet Security Plus is quite good, but it doesn't have all the features of Webroot SecureAnywhere Internet Security Complete. Likewise, Trend Micro Maximum Security beat out the less-feature-rich Trend Micro Internet Security for a spot on the chart. To see those and all the other suites we've reviewed, check out our security suites page, or scroll through the product blurbs at the bottom of this page. What's the Best Security Suite? The chart at top details ten security suites that we definitely recommend, including multi-device suites, mega-suites, and entry-level suites. If you're looking for a suite that covers the basics without getting in the way, Bitdefender Internet Security and Kaspersky Internet Security are our Editors' Choice winners. In the mega-suite range, Editors' Choice goes to Bitdefender Total Security and Kaspersky Total Security, with more features than you can imagine. Symantec Norton Security Premium protects up to 10 devices, and McAfee LiveSafe doesn't put any limit on the number of devices—these two are our Editors' Choice products for cross-platform multi-device security suite. With a powerful, integrated suite protecting your devices, you can stay protected without worrying about balancing security against performance. Featured Security Suite Reviews: Bitdefender Internet Security 2017 Bitdefender Internet Security 2017 Review Editors' Choice $59.99 MSRP $39.99 at Bitdefender Bitdefender Internet Security 2017 packs every feature you expect in a security suite, along with a wealth of bonus features. An updated user interface revitalizes this excellent suite. Read the full review Get Up To 50% Off Suites ›› Bitdefender Total Security 2017 Bitdefender Total Security 2017 Review Editors' Choice $89.99 MSRP $44.99 at Bitdefender Bitdefender Total Security 2017 offers a cornucopia of security features for Windows, with plenty of bonus features. You also get award-winning Android security and antivirus for Mac. Read the full review Get Up To 50% Off Suites ›› Kaspersky Internet Security (2017) Kaspersky Internet Security (2017) Review Editors' Choice $79.99 MSRP $54.99 at Kaspersky With best-ever ratings from independent testing labs and a huge range of security-centric features, Kaspersky Internet Security is one of our top picks for keeping your PC and devices safe. Read the full review Get Up To 50% Off Suites ›› Symantec Norton Security Premium (2017) Symantec Norton Security Premium (2017) Review Editors' Choice $89.99 MSRP $49.49 at Norton - 1 year plan In addition to a raft of top-notch suite features, Symantec Norton Security Premium comes with 25GB of online storage and a top-tier parental control system. Furthermore, you can install it on up to 10 Windows, Android, macOS, and iOS devices. Read the full review Get Up To 50% Off Suites ›› Kaspersky Total Security (2017) Kaspersky Total Security (2017) Review Editors' Choice $89.99 MSRP $59.99 at Kaspersky To the impressive feature list of Kaspersky's entry-level suite, Total Security adds password management, excellent parental control, file encryption, secure deletion, and more. It's a top choice for security mega-suites. Read the full review Get Up To 50% Off Suites ›› McAfee LiveSafe (2017) McAfee LiveSafe (2017) Review Editors' Choice $89.99 MSRP $44.99 at McAfee In addition to protecting all your Windows, Mac, iOS, and Android devices, McAfee LiveSafe offers a unique encrypted cloud storage system. Read the full review Get Up To 50% Off Suites ›› Symantec Norton Security Deluxe (2017) Symantec Norton Security Deluxe (2017) Review $79.99 MSRP $39.99 at Norton - 1 year plan Symantec Norton Security Deluxe offers award-winning antivirus and a tough, self-sufficient firewall, without dragging down system performance. It can protect up to five Windows, Android, macOS, or iOS devices. Read the full review Get Up To 50% Off Suites ›› McAfee Total Protection (2017) McAfee Total Protection (2017) Review $89.99 MSRP $44.99 at McAfee To the feature set of McAfee's entry-level suite, Total Protection adds file encryption and four additional licenses for the True Key password manager. Best of all, you can install it on every device in your household. Read the full review Get Up To 50% Off Suites ›› Trend Micro Internet Security (2017) Trend Micro Internet Security (2017) Review $59.95 MSRP $39.95 at Trend Micro Though it lacks an integrated firewall, Trend Micro Internet Security (2017) includes antivirus, antispam, and parental control, along with loads of bonus features that actively help to ensure your PC's security. Read the full review Get Up To 50% Off Suites ›› Trend Micro Maximum Security (2017) Trend Micro Maximum Security (2017) Review $89.95 MSRP $44.95 at Trend Micro Your Trend Micro Maximum Security lets you protect up to five Windows, macOS, Android, or iOS devices, but it's best on Windows and Android. Read the full review Get Up To 50% Off Suites ›› Webroot SecureAnywhere Internet Security Complete Webroot SecureAnywhere Internet Security Complete Review $79.99 MSRP $29.99 at Webroot Webroot SecureAnywhere Internet Security Complete includes a powerful, unusual antivirus, 25GB of hosted online backup, and a system optimization system, yet has a light touch on system resources. Read the full review Get Up To 50% Off Suites ›› Webroot SecureAnywhere Internet Security Plus (2016) Webroot SecureAnywhere Internet Security Plus (2016) Review $49.99 MSRP $29.99 at Webroot Webroot SecureAnywhere Internet Security Plus adds Android support and a password manager to an already-excellent antivirus app. Read the full review Get Up To 50% Off Suites ›› Avast Internet Security 2017 Avast Internet Security 2017 Review $49.99 MSRP $49.99 at AVAST Software Avast Internet Security 2017 includes an antivirus, a robust firewall, a simple spam filter, and a wealth of bonus features. Depending upon your needs, though, a less expensive Avast product could be more cost effective. Read the full review Get Up To 50% Off Suites ›› Check Point ZoneAlarm Extreme Security 2017 Check Point ZoneAlarm Extreme Security 2017 Review $89.95 MSRP $44.95 at ZoneAlarm Check Point's ZoneAlarm Extreme Security 2017 adds a wealth of security components to its core powerful firewall. Beyond the firewall, though, most of this suite's significant features are licensed from other vendors. Read the full review Get Up To 50% Off Suites ›› F-Secure Internet Security (2017) F-Secure Internet Security (2017) Review $49.99 MSRP The antivirus components of F-Secure Internet Security scored high in our testing, aided by the suite-specific Browsing Protection features. However, the rest of its components don't make up a top-notch suite. Read the full review Get Up To 50% Off Suites ›› G Data Total Security 2017 G Data Total Security 2017 Review $69.95 MSRP $49.95 at Amazon G Data Total Security 2017 adds significant bonus features that are well worth the price bump from the company's entry-level suite. Read the full review Get Up To 50% Off Suites ›› McAfee Internet Security (2017) McAfee Internet Security (2017) Review $79.99 MSRP $39.99 at McAfee Upgrading from McAfee AntiVirus Plus to McAfee Internet Security gets you a clever password manager along with parental control and spam filtering that you may not need. You're better off sticking with the antivirus or choosing an Editors' Choice suite. Read the full review Get Up To 50% Off Suites ›› Panda Global Protection (2017) Panda Global Protection (2017) Review $49.99 MSRP $34.99 at Panda Security Panda Global Protection boasts the wealth of features you'd expect in a security mega-suite, but it doesn't match quality of the top competitors, and its pricing is confusing. Read the full review Get Up To 50% Off Suites ›› Panda Gold Protection (2017) Panda Gold Protection (2017) Review $94.99 MSRP $47.49 at Panda Security Panda Gold Protection enhances an uneven security suite with a slick backup and sync system, along with VIP support for all your tech woes. But it's seriously pricey. Read the full review Get Up To 50% Off Suites ›› Panda Protection Advanced Panda Protection Advanced Review $34.99 MSRP $3.99 at Panda Security Panda Protection Advanced offers unlimited installations on your Windows and Android devices. It's by far the least expensive cross-platform suite, but other vendors offer more consistent protection. Read the full review Get Up To 50% Off Suites ›› Panda Protection Complete Panda Protection Complete Review $74.99 MSRP $6.99 at Panda Security A subscription to Panda Protection Complete lets you install security on all of your Windows and Android devices. It's a good deal, but competing products score better in testing and cover more device types. Read the full review Get Up To 50% Off Suites ›› Avast Premier 2017 Avast Premier 2017 Review $69.99 MSRP $55.99 at AVAST Software Upgrading from Avast's very good security suite to Avast Premier 2017 gets you a comprehensive secure deletion utility and automation for its software updater component. You'll have to decide if that's worth the significant added cost. Read the full review Get Up To 50% Off Suites ›› AVG Internet Security - Unlimited (2017) AVG Internet Security - Unlimited (2017) Review $69.99 MSRP $51.99 at AVG Technologies As the name implies, AVG Internet Security - Unlimited lets you install protection on an unlimited number of Windows, macOS, and Android devices. However, other cross-platform multi-device suites do the job better. Read the full review Get Up To 50% Off Suites ›› BullGuard Internet Security (2017) BullGuard Internet Security (2017) Review $59.95 MSRP $29.98 at BullGuard BullGuard Internet Security includes all the features you'd expect in a suite, plus a backup system and a comprehensive collection of tune-up utilities. Its many features aren't consistently effective, however. Read the full review Get Up To 50% Off Suites ›› BullGuard Premium Protection (2017) BullGuard Premium Protection (2017) Review $99.95 MSRP $39.98 at BullGuard On top of a full roster of security features, BullGuard Premium Protection adds identity protection and Facebook activity tracking. It actually costs less than BullGuard's entry-level suite, but Facebook tracking wasn't working when we tested it. Read the full review Get Up To 50% Off Suites ›› Comodo Internet Security Complete 10 Comodo Internet Security Complete 10 Review $89.99 MSRP Comodo Internet Security Complete 10 offers online backup, automatic VPN, and instant access to GeekBuddy remote tech support. However, we ran into problems with all three features, and the antivirus had issues in testing. Read the full review Get Up To 50% Off Suites ›› ESET Internet Security 10 ESET Internet Security 10 Review $59.99 MSRP $59.99 at ESET North America Antivirus is the best part of ESET Internet Security 10, but other components include an old-school firewall and parental control that's limited to content filtering. Read the full review Get Up To 50% Off Suites ›› ESET Multi-Device Security 10 ESET Multi-Device Security 10 Review $84.99 MSRP $84.99 at ESET North America ESET Multi-Device Security 10 lets you protect Windows, Mac, and Android devices, but not iOS. It's better on Android than on Windows, and Mac protection lags behind both. Read the full review Get Up To 50% Off Suites ›› ESET Smart Security Premium 10 ESET Smart Security Premium 10 Review $79.99 MSRP $79.99 at ESET North America ESET Smart Security Premium 10 includes everything you'd expect in a suite, plus file encryption, anti-theft, and a full-featured password manager. However, its unusual pricing makes it quite expensive for a multi-PC household. Read the full review Get Up To 50% Off Suites ›› F-Secure Safe (2017) F-Secure Safe (2017) Review $49.99 MSRP $39.99 at F-Secure A subscription to F-Secure Safe lets you install protection on your Windows, Android, macOS, or iOS devices. However, other cross-platform multi-device security apps offer better security at lower prices. Read the full review Get Up To 50% Off Suites ›› G Data Internet Security 2017 G Data Internet Security 2017 Review $54.95 MSRP $39.95 at Amazon G Data Internet Security has all the components you expect in a suite, and even adds backup. However, component quality varies from very good to very poor. Read the full review Get Up To 50% Off Suites ›› K7 Ultimate Security Gold 15 K7 Ultimate Security Gold 15 Review $59.99 MSRP K7 Ultimate Security Gold 15 has improved over its previous version in some areas, but the quality of its components still varies quite a bit. Read the full review Get Up To 50% Off Suites ›› Panda Internet Security (2017) Panda Internet Security (2017) Review $49.99 MSRP $24.99 at Panda Security Panda Internet Security includes the features you'd expect in a security suite, plus extras like ransomware protection. It didn't do well in our testing, however, and Panda itself offers more affordable competing products. Read the full review Get Up To 50% Off Suites ››

Microsoft Inches Toward a World Without Passwords

Microsoft on Tuesday announced the general availability of its phone sign-in for customers with Microsoft accounts -- a system that could be the beginning of the end for passwords. The new system requires that customers add their accounts to the Microsoft Authenticator app, which comes in both iOS and Android versions, noted Alex Simons, director of program management of the Microsoft Identity Division. After supplying a username, a member will get a mobile phone notification. Tapping "approve" on the app will authenticate the member's information. The new phone sign-in process is easier than two-factor authentication, according to Simons. 2FA requires users first to enter passwords, and then to enter a code delivered via text or email. The new process is safer than password-only systems, which can be forgotten, stolen for use in a phishing scheme, or otherwise compromised, he said. Microsoft Authenticator Microsoft Authenticator, introduced last summer, started out as a replacement for earlier authentication apps, both for enterprise use in Azure AD and consumer use in regular Microsoft accounts. The initial version allowed fingerprint authentication in place of passcodes, and offered support for wearables including Apple Watch and Samsung Gear. Setting up Microsoft's new phone-in system is easy. If customers already have Microsoft Authenticator for their personal accounts, they can select the dropdown button on the account tile and select "enable phone sign-in." Android users will be prompted to set up the authenticator. iPhones will set up the authenticator automatically. Users who don't have a phone available can elect to access their accounts using a password. Microsoft has not made the phone sign-in system available to Windows Phone users. Windows Phone makes up less than 5 percent of the active Authenticator Apps user base, Simons noted, so the company has prioritized iOS and Android. When the system achieves success on those two platforms, Microsoft will consider making it ready for Windows Phone. Password Problems The idea of moving away from passwords has been around for years, in part due to their vulnerability to hacking. Microsoft CEO Satya Nadella and Cloud Platform General Manager Julia White discussed the idea of moving away from passwords at the Government Cloud Forum in November 2015. Microsoft then employed Windows 10 Password to give customers a smart card level of threat detection, using the card as the first level of protection, then Windows Hello for confirmation through biometrics, such as face recognition, iris scanning or fingerprints. Better Than 2FA? The new functionality from Microsoft is not groundbreaking, but it represents a true upgrade from traditional password authentication methods, suggested Rik Ferguson, vice president for security research at Trend Micro. "This technology is definitely an improvement over using authenticator apps to generate one-time passwords, which can still be hijacked through a man-in-the-browser attack," he told the E-Commerce Times. The new app represents true two-factor authentication in the same way Apple uses its Trusted Device authentication or Google uses its prompts. Using interactive prompts or using an out-of-band trusted device like a smartphone rather than one-time passwords from an authenticator app or SMS does away with having data pass through the same browser, Ferguson added. However the new system doesn't necessarily make logins more secure, Trend Micro Cloud Security VP Mark Nunnikhoven told the E-Commerce Times. Microsoft's approach substitutes "something you know," the password, with "something you have," the phone, he said, but it is not as strong as genuine two-factor identification.