Online security is the set of habits, tools, and technologies that keep your accounts, your data, and your devices out of the wrong hands. Most people meet it only at the moment something goes wrong: a password that no longer works, a strange charge on a card, an email that looks almost right but is not. This hub takes the opposite approach. It explains the handful of ideas that protect you most, in plain language, so the defenses make sense before you ever need them.
Security and cryptography are closely linked, and our roots are on the cryptography side. In 2017 our team produced the first practical SHA-1 collision, which forced a widely used algorithm out of service. That work is a reminder that security is not a fixed state but an ongoing contest between defenders and attackers. The pages here translate that perspective into advice you can act on today.
What Online Security Actually Covers
It helps to break the topic into a few goals rather than a long list of products. Almost every security measure exists to support one of these aims.
Confidentiality keeps information readable only by the people who are supposed to see it. Encryption on a web connection and a properly locked phone both serve this goal.
Integrity means data has not been altered without you knowing. When a download page lists a checksum, or your bank flags a tampered transaction, integrity protection is at work.
Authentication confirms that people and servers are who they claim to be. Passwords, two-factor codes, and the certificate behind a website all answer the question, “are you really who you say you are?”
Availability keeps systems and your access to them running. A locked-out account or a service knocked offline is a failure of availability, even if no data leaks.
Most real incidents are a breakdown in one or more of these. A stolen password breaks authentication, which then breaks confidentiality when the attacker reads your mail. Seeing the goal behind each tool makes the tool easier to use well.
Why It Matters More Than It Used To
A single online account is rarely just one account. Your email is the recovery point for almost everything else, so whoever controls it can reset your banking, shopping, and social logins in minutes. Your accounts are also linked across services, which means a weakness in one place can cascade outward.
The economics have shifted too. Attacks are increasingly automated. Criminals do not sit and target you by hand; they run software that tries millions of stolen username and password pairs against thousands of sites at once. That changes the defensive math. You are not trying to outsmart a person watching you, you are trying to not be the easy target the automation scoops up. The good news is that a few solid habits move you out of that low-effort target pool entirely.
What You Will Find in This Section
This hub branches into four focused guides. Each one stands on its own, and together they cover the threats most people actually face.
Data Breaches
When a company you trusted is compromised, your information can end up in someone else’s database. Our guide to data breaches explains how breaches happen, what kind of data tends to leak, why it matters even when “only” an email address is exposed, and the concrete steps that limit the damage to you.
Password Security
Passwords remain the front door to most of your digital life, and most advice about them is outdated. Our password security guide explains what genuinely makes a password strong (length matters more than odd symbols), why well-run sites never store your actual password, and how password managers and two-factor authentication do most of the heavy lifting for you.
HTTPS and TLS
That padlock in your browser is doing real work, but not always the work people assume. Our explainer on HTTPS and TLS covers how an encrypted connection is set up, what certificates and certificate authorities prove, and the important difference between what TLS protects and what it leaves exposed.
Phishing Attacks
The most reliable way into an account is often to simply ask the owner for the keys, dressed up convincingly. Our guide to phishing attacks breaks down the tactics behind these scams, the tells that give them away, and exactly what to do if you realize you have been caught.
How These Pieces Fit Together
These topics are not separate silos. They reinforce each other in ways that matter.
Strong, unique passwords limit the blast radius of a data breach, because a password stolen from one site is then useless everywhere else. Two-factor authentication adds a second lock so that even a leaked password is not enough on its own. HTTPS protects your password while it travels to the site, so it cannot be read off the wire in transit. And recognizing phishing protects all of the above, because the slickest attack still fails if you never hand over your credentials in the first place.
Read in any order, the four guides build a layered defense. No single measure is perfect, which is exactly why layering them works: an attacker has to defeat several independent protections rather than just one.
The Cryptography Underneath
Much of what makes online security possible comes down to mathematics running quietly in the background. Passwords are protected with hash functions, web connections are secured with encryption and digital certificates, and the integrity of downloads is verified with cryptographic fingerprints. If you want to understand the machinery beneath these defenses, our cryptography section explains hashing, encryption, and digital signatures from the ground up.
You do not need that depth to stay safe. The security guides here are written to be useful on their own. But the cryptography is there for anyone who wants to know not just what to do, but why it works.
Frequently Asked Questions
What is the single most useful thing I can do for my security?
Use a password manager to give every account a long, unique password, and turn on two-factor authentication for your email first. Those two changes block the most common automated attacks and protect the account that can reset all the others.
Is the padlock in my browser enough to know a site is safe?
No. The padlock means your connection to the site is encrypted, so others cannot read it in transit. It does not promise the site itself is honest. A scam site can also show a padlock, which is why recognizing phishing still matters.
Do I really need to worry if I have “nothing to hide”?
Security is less about hiding and more about control. Your email, contacts, photos, and payment details have real value to an attacker regardless of whether you consider them sensitive, and losing control of an account can lock you out of services you depend on.
How is security different from cryptography?
Cryptography is the underlying math, things like hashing and encryption. Security is the broader practice of using those tools, along with good habits and sensible defaults, to protect real systems and people. Our cryptography section covers the foundations.
