diff --git a/content/Developer_Program/Guides/User_Loaded_Data.adoc b/content/Developer_Program/Guides/User_Loaded_Data.adoc
index 2320e81e4..40bd11a58 100644
--- a/content/Developer_Program/Guides/User_Loaded_Data.adoc
+++ b/content/Developer_Program/Guides/User_Loaded_Data.adoc
@@ -87,7 +87,7 @@ The generated responses consist of a 40 character hexadecimal string generated a
 The Static Password configuration will accept data in the following formats and lengths:
 Password - A string of up to 38 characters as defined by the keyboard scan code ID.
 
-The generated Static Password codes contain the characters as programed, provided that the host system is using the same keyboard layout as the system the password was programmed on.
+The generated Static Password codes contain the characters as programmed, provided that the host system is using the same keyboard layout as the system the password was programmed on.
 
 
 === OATH Application
diff --git a/content/Developer_Program/WebAuthn_Starter_Kit/Attestation.adoc b/content/Developer_Program/WebAuthn_Starter_Kit/Attestation.adoc
index 8bf799e31..26d78c3ac 100644
--- a/content/Developer_Program/WebAuthn_Starter_Kit/Attestation.adoc
+++ b/content/Developer_Program/WebAuthn_Starter_Kit/Attestation.adoc
@@ -53,7 +53,7 @@ image::Images/attest-figure3.png[align="center"]
 
 The first of which is an "`allow list"`, whereby only a limited and pre-defined subset of all security devices may be registered and used as an authenticator in conjunction with a particular service. Depending on policies and how broad the array of security devices is amongst the userbase, this may be the most secure option to weed out potential issues created by untrusted security devices. One such example might be a strict requirement for a U.S. Federal agency mandated by Federal Information Processing Standards (FIPS) in order to protect sensitive or valuable data. Furthermore, allowed FIDO authenticators are usually those that have been tested internally or during development and have been vetted as a secure and compatible option.
 
-The second use case, which is similar to the first, is a "`deny list"`, which pre-emptively blocks a subset of all security devices instead. The benefit or advantage of this approach compared to the first is its more inclusive stance to security devices across the userbase but conversely, the major disadvantage is that it allows untrusted devices to be registered as well. Proponents of this approach aim to avoid alienating or preventing users from registering for the service and intend to only explicitly deny devices that have been flagged or outed as insecure alternatives.
+The second use case, which is similar to the first, is a "`deny list"`, which preemptively blocks a subset of all security devices instead. The benefit or advantage of this approach compared to the first is its more inclusive stance to security devices across the userbase but conversely, the major disadvantage is that it allows untrusted devices to be registered as well. Proponents of this approach aim to avoid alienating or preventing users from registering for the service and intend to only explicitly deny devices that have been flagged or outed as insecure alternatives.
 
 The third and final use case discussed here is what can be generally referred to as "`security advisory"`. The intention is that neither an allow or deny list is implemented but information is merely gathered and stored for the purposes of analyzing the data. The information may, of course, still be used at a later time to either allow or deny specific security devices, but the primary goal is to collate data, suggest to users if there are any potential issues with their registered devices and have a mechanism in place that may lead to prudent action when required.
 
diff --git a/content/Developer_Program/WebAuthn_Starter_Kit/Back-end_System_Design.adoc b/content/Developer_Program/WebAuthn_Starter_Kit/Back-end_System_Design.adoc
index 9200579da..8f390162a 100644
--- a/content/Developer_Program/WebAuthn_Starter_Kit/Back-end_System_Design.adoc
+++ b/content/Developer_Program/WebAuthn_Starter_Kit/Back-end_System_Design.adoc
@@ -2,7 +2,7 @@
 
 === Detailed Back-End System Design Introduction
 
-The WebAuthn Server manages the creation, update, and deletion of WebAuthn credentials associated with Amazon Cognito User Pool Identities. The Server is comprised of Amazon Congito User Pool to provide the identity framework, a MySQL compatible serverless
+The WebAuthn Server manages the creation, update, and deletion of WebAuthn credentials associated with Amazon Cognito User Pool Identities. The Server is comprised of Amazon Cognito User Pool to provide the identity framework, a MySQL compatible serverless
 link:https://aws.amazon.com/rds/aurora/serverless/[Amazon Aurora Database] to store user and credential information, and 3 Lambda functions to support the Cognito Custom Authentication flow.
 
 ==== Cognito User Pool
@@ -614,7 +614,7 @@ Finally, DefineChallenge returns a success response and token approval to Cognit
 
 If an account has already been created, a user may add a FIDO2 Authenticator using a usernameless flow - that is, the user does not need to enter their username at login. The logic for registration and authentication are identical to the Adaptive Multi-Factor Authentication flow discussed above - the primary change is that the `username` field is replaced with `preferred_username`. During authentication, the `preferred_username` is passed from the WebAuthn authentication data sent by the authenticator, and passed to Cognito.
 
-Note that while Cognito does allow for the `preferred_username` to be modified, doing so will break any authenticators registered with a usernameless flow, as the value sent by the authenticator will not match the Cognitio user pool data. While the Yubico WebAuthn Starter kit does not allow for the `preferred_username` to be changed, other implementations may have this functionality.
+Note that while Cognito does allow for the `preferred_username` to be modified, doing so will break any authenticators registered with a usernameless flow, as the value sent by the authenticator will not match the Cognito user pool data. While the Yubico WebAuthn Starter kit does not allow for the `preferred_username` to be changed, other implementations may have this functionality.
 
 
 ==== API Gateway Component
diff --git a/content/Developer_Program/WebAuthn_Starter_Kit/Installation/Manual_Back-End_Deployment.adoc b/content/Developer_Program/WebAuthn_Starter_Kit/Installation/Manual_Back-End_Deployment.adoc
index 0976c00d2..390f23585 100644
--- a/content/Developer_Program/WebAuthn_Starter_Kit/Installation/Manual_Back-End_Deployment.adoc
+++ b/content/Developer_Program/WebAuthn_Starter_Kit/Installation/Manual_Back-End_Deployment.adoc
@@ -8,7 +8,7 @@ This guide, however, describes how to *manually* deploy the WebAuthn Starter Kit
 
 === Prerequisites
 
-See the prerequisities section in the tutorial Automated WebAuthnKit deployment at AWS.
+See the prerequisites section in the tutorial Automated WebAuthnKit deployment at AWS.
 
 === Clone or download the GitHub project
 
diff --git a/content/Developer_Program/WebAuthn_Starter_Kit/Installation/Manual_Front-End-Deployment.adoc b/content/Developer_Program/WebAuthn_Starter_Kit/Installation/Manual_Front-End-Deployment.adoc
index dca99a15f..5564c3fc2 100644
--- a/content/Developer_Program/WebAuthn_Starter_Kit/Installation/Manual_Front-End-Deployment.adoc
+++ b/content/Developer_Program/WebAuthn_Starter_Kit/Installation/Manual_Front-End-Deployment.adoc
@@ -9,7 +9,7 @@ This guide, however, describes how to *manually* deploy the WebAuthn Starter Kit
 
 === Prerequisites
 
-See the prerequisities section in the tutorial Automated WebAuthnKit deployment at AWS.
+See the prerequisites section in the tutorial Automated WebAuthnKit deployment at AWS.
 
 Before proceeding with deploying the WebAuthnKit frontend, make sure to perform the steps in the tutorial Manually deploy and troubleshoot WebAuthnKit backend at AWS.
 
diff --git a/content/Developer_Program/WebAuthn_Starter_Kit/WebAuthn_High_Level_Architecture_Overview.adoc b/content/Developer_Program/WebAuthn_Starter_Kit/WebAuthn_High_Level_Architecture_Overview.adoc
index 6c033f965..acd6ca557 100644
--- a/content/Developer_Program/WebAuthn_Starter_Kit/WebAuthn_High_Level_Architecture_Overview.adoc
+++ b/content/Developer_Program/WebAuthn_Starter_Kit/WebAuthn_High_Level_Architecture_Overview.adoc
@@ -98,7 +98,7 @@ image::Images/arch2-registration-flow-v1.png[]
 image::Images/arch3-usernameless-registration-flow-v1.png[]
 *Figure 4 - Usernameless Registration Flow*
 
-AWS Cogntio only allows sign in via four attributes:
+AWS Cognito only allows sign in via four attributes:
 
  * username
 
diff --git a/content/Developer_Program/WebAuthn_Starter_Kit/WebAuthn_Registration_Flow.adoc b/content/Developer_Program/WebAuthn_Starter_Kit/WebAuthn_Registration_Flow.adoc
index 7bd9b267a..66239a2a7 100644
--- a/content/Developer_Program/WebAuthn_Starter_Kit/WebAuthn_Registration_Flow.adoc
+++ b/content/Developer_Program/WebAuthn_Starter_Kit/WebAuthn_Registration_Flow.adoc
@@ -1,7 +1,7 @@
 
 == WebAuthn registration process overview
 
-=== Pre-requisities
+=== Prerequisites
 
 The WebAuthn registration process described in this section is first and foremost based on the registration specification in the
 link:https://www.w3.org/TR/webauthn/[W3C WebAuthn standard]. The WebAuthn registration process is equivalent to the WebAuthn Make Credentials procedure. All WebAuthn registration parameters, JSON objects, and generic WebAuthn flows are based on the W3C WebAuthn standard.
@@ -154,7 +154,7 @@ image::Images/reg9-add-extra-yubikey-users-account.v2.png[]
 
 At this stage, the security key with resident credentials for can be used for Usernameless authentication in to the same account.
 
-If the user needs to re-use the same security key for the Usernameless flow, it is necessary to first delete the originally registered security key. Then only one security key is registed for the Usernameless flow.
+If the user needs to re-use the same security key for the Usernameless flow, it is necessary to first delete the originally registered security key. Then only one security key is registered for the Usernameless flow.
 
 image::Images/reg10-one-security-key-usernameless-flow-v2.png[]
 *Figure 11 - Only one security key is configured for the Usernameless flow*
@@ -443,7 +443,7 @@ image::Images/reg30-add-extra-yubikey-users-account-v2.png[]
 
 At this stage, the security key with resident credentials for can be used for Usernameless authentication in to the same account.
 
-If the user needs to re-use the same security key for the Usernameless flow, it is necessary to first delete the originally registered security key. Then only one security key is registed for the Usernameless flow.
+If the user needs to re-use the same security key for the Usernameless flow, it is necessary to first delete the originally registered security key. Then only one security key is registered for the Usernameless flow.
 
 image::Images/reg31-one-security-key-usernameless-flow-v2.png[]
 *Figure 33 - Only one security key is configured for the Usernameless flow*
diff --git a/content/Mobile/Concepts.adoc b/content/Mobile/Concepts.adoc
index eb339b9db..ce88d2981 100644
--- a/content/Mobile/Concepts.adoc
+++ b/content/Mobile/Concepts.adoc
@@ -85,7 +85,7 @@ The Configuration comprises key material and parameters for how a slot is used.
 Yubico OTP:: A One-Time Password algorithm developed by Yubico, typically using 44 characters, Modhex encoded.
 OATH-HOTP:: The event-based 6-8 digit OTP algorithm as specified in RFC-4226.
 Static password:: A static (non-changing) password.
-Challenge-Response:: A HMAC-SHA1 key for use with challenge-response protocols (programatically activated, can require touch).
+Challenge-Response:: A HMAC-SHA1 key for use with challenge-response protocols (programmatically activated, can require touch).
 
 When writing a configuration to a Slot, any previous configuration in that slot is overwritten. However, it is also possible to update an existing slot with new flags, which alters the parameters used for it. Whether a slot is updatable or not is itself defined by a flag, which must have been set during previous configuration for this command to work.
 
diff --git a/content/Mobile_Dev/WebAuthn/IOS/Improve_Mobile_User_Experience.adoc b/content/Mobile_Dev/WebAuthn/IOS/Improve_Mobile_User_Experience.adoc
index a3b64ac8f..7212b61b9 100644
--- a/content/Mobile_Dev/WebAuthn/IOS/Improve_Mobile_User_Experience.adoc
+++ b/content/Mobile_Dev/WebAuthn/IOS/Improve_Mobile_User_Experience.adoc
@@ -128,7 +128,7 @@ Figure 6 shows a code sample that includes a method that when invoked uses the b
 const platformEnums = {
   ANDROID_BIOMETRICS: {
     id: "ANDROID_BIOMETRICS",
-    platName: "Andorid Biometrics",
+    platName: "Android Biometrics",
   },
   WINDOWS_HELLO: {
     id: "WINDOWS_HELLO",
diff --git a/content/OTP/Libraries/Creating_your_own_library.adoc b/content/OTP/Libraries/Creating_your_own_library.adoc
index 6bd85353d..bca73371f 100644
--- a/content/OTP/Libraries/Creating_your_own_library.adoc
+++ b/content/OTP/Libraries/Creating_your_own_library.adoc
@@ -3,6 +3,6 @@ Did you not find what you were looking for? Considering writing your own library
 The Yubico OTP protocol is relatively straight-forward to implement and there is a lot
 of reference code in various languages. Here are some other useful resources:
 
- * link:https://demo.yubico.com[demo.yubico.com], to see what data is being sent/recieved when validating an OTP.
+ * link:https://demo.yubico.com[demo.yubico.com], to see what data is being sent/received when validating an OTP.
  * link:/yubikey-val/Getting_Started_Writing_Clients.html[Getting started writing clients]
  * link:/yubikey-val/Validation_Protocol_V2.0.html[Validation protocol specification]
diff --git a/content/OTP/OTPs_Explained.adoc b/content/OTP/OTPs_Explained.adoc
index 6a402205b..766376ddb 100644
--- a/content/OTP/OTPs_Explained.adoc
+++ b/content/OTP/OTPs_Explained.adoc
@@ -24,7 +24,7 @@ will allow the validation server to know which OTPs have already been used.
 
 image:otp_details.png[]
 
-The outputed OTP of the YubiKey OTP is provided in the Modhex characterset. The Modhex characterset uses characters common across the majority of latin alphabet QWERTY keyboard layouts, allowing for functionality regardless of the language set.
+The YubiKey OTP output is provided in the Modhex character set. The Modhex character set uses characters common across the majority of latin alphabet QWERTY keyboard layouts, allowing for functionality regardless of the language set.
 
 .Hex to Modhex Substitution
 [cols="2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2,2"]
diff --git a/content/OTP/Specifications/OTP_decryption_protocol.adoc b/content/OTP/Specifications/OTP_decryption_protocol.adoc
index 6c57fe202..a6db0e90e 100644
--- a/content/OTP/Specifications/OTP_decryption_protocol.adoc
+++ b/content/OTP/Specifications/OTP_decryption_protocol.adoc
@@ -36,4 +36,4 @@ For example:
 
 The data matching .* will be a english error message in one line.
 
-Any other kind of response means a hard error occured.
+Any other kind of response means a hard error occurred.
diff --git a/content/OTP/Specifications/OTP_validation_protocol.adoc b/content/OTP/Specifications/OTP_validation_protocol.adoc
index 44dbcbdf8..dedeede66 100644
--- a/content/OTP/Specifications/OTP_validation_protocol.adoc
+++ b/content/OTP/Specifications/OTP_validation_protocol.adoc
@@ -131,7 +131,7 @@ as described above.
 === Response
 
 If the verification server has successfully processed your request
-(even if the reponse is not a successful verification), it will return
+(even if the response is not a successful verification), it will return
 an HTTP status of `200 OK` with a text/plain body.
 
 If you get a `4xx` or `5xx` response you should retry your request a
diff --git a/content/PGP/Attestation.adoc b/content/PGP/Attestation.adoc
index 6c3cb48c7..e9ce3da57 100644
--- a/content/PGP/Attestation.adoc
+++ b/content/PGP/Attestation.adoc
@@ -12,7 +12,7 @@ The concept of attestation is to cryptographically certify that a certain asymme
 |===================
 |*Attestation Key*|Private signature key to sign the generated Attestation Statement (also called Attesting Key)
 |*Attestation Certificate*|X.509 certificate for the Attestation Key, used as template for Attestation Statement
-|*Attestated Key*|OpenPGP signature, decryption, or authentication key to attest was generated on device
+|*Attested Key*|OpenPGP signature, decryption, or authentication key to attest was generated on device
 |*Attestation Statement*|Generated X.509 certificate specifying the Attested Key details, signed by the Attestation Key
 |===================
 
@@ -75,8 +75,8 @@ Some features of the generated Attestation Statement:
 * Issuer will be the subject of the template Attestation Certificate
 * Dates will be copied from the template Attestation Certificate
 * Subject will be the string "YubiKey OPGP Attestation " with the attested slot appended ("SIG", "DEC", or "AUT")
-* If the attestion key is RSA the signature will be SHA256-PKCS#1v1.5
-* If the attestion key is EC the signature will be ECDSA-SHA256
+* If the attestation key is RSA the signature will be SHA256-PKCS#1v1.5
+* If the attestation key is EC the signature will be ECDSA-SHA256
 
 Extensions in the generated certificate:
 
diff --git a/content/PGP/Git_signing.adoc b/content/PGP/Git_signing.adoc
index 1cb59f3ac..54c7eb141 100644
--- a/content/PGP/Git_signing.adoc
+++ b/content/PGP/Git_signing.adoc
@@ -124,7 +124,7 @@ Date:   Sat Feb 22 11:00:00 2014 +0200
     Fixed a small undocumented feature that made foo crash
 ....
 
-As before, GPG has to have the public key of the signer to successuflly verify the signature.
+As before, GPG has to have the public key of the signer to successfully verify the signature.
 
 The previous command assumes that the commit of interest was the very last one. To verify a generic commit replace `HEAD` with the commit ID (`552b36ec86790bfdac679ab23e6d61133ff0b383` in this case).
 
@@ -148,7 +148,7 @@ If the signatures can not be verified, the merge will be aborted.
 
 Similarly, the `-S` switch can be used to sign the commit resulting from a merge.
 
-Also, if you created _annotated_ tags, when you merge them Git will create a new commit for you. During this process it will also verify the invovled signatures and include the verification output in the comment of the commit message.
+Also, if you created _annotated_ tags, when you merge them Git will create a new commit for you. During this process it will also verify the involved signatures and include the verification output in the comment of the commit message.
 
 Since Git version 2.2.0 it is also possible to sign git _pushes_ by doing `git push --signed`. This is used to prove the intention the author had of pushing a specific set of commits and have them become the new tip of some branch.
 
diff --git a/content/PGP/Importing_keys.adoc b/content/PGP/Importing_keys.adoc
index 169c71bb3..22bd8aa51 100644
--- a/content/PGP/Importing_keys.adoc
+++ b/content/PGP/Importing_keys.adoc
@@ -67,7 +67,7 @@ Should be the real name associated with this key.
 
   Email address:
 
-Should be the email adress associated with this key.
+Should be the email address associated with this key.
 
   Comment:
 
diff --git a/content/PGP/PGP_PIN_Change_Behavior.adoc b/content/PGP/PGP_PIN_Change_Behavior.adoc
index d237aa706..ec88dae0f 100644
--- a/content/PGP/PGP_PIN_Change_Behavior.adoc
+++ b/content/PGP/PGP_PIN_Change_Behavior.adoc
@@ -10,11 +10,11 @@ If a user enters their current PIN such that the full correct value has extra ch
 For example, consider the case where a user has their YubiKey's OpenPGP functionality to use PIN with the current value of `123456`, and they wish to change this to `abcdef`.
 
 . User connects to their GPG tool and runs the command `gpg --card-edit`
-. User enters the command `passwd` to initate a user PIN change
+. User enters the command `passwd` to initiate a user PIN change
 . When prompted for the current PIN, the user enters an incorrect PIN of `123456**7**`
 . When prompted for the new value for the PIN, the user enters `abcdef`
 
-In this case, the current value for the PIN will be accepted, even though it has an extra character `7` appended to it. The PIN will appear to be changed to the new value `abcdef`. However, attempting to use this new value for the PIN will fail with an incorrect PIN warning. In actuallity, the new value for the PIN will be `7abcdef`, with the extra characters provided for the current PIN being prefixed to the supplied value for the new PIN.
+In this case, the current value for the PIN will be accepted, even though it has an extra character `7` appended to it. The PIN will appear to be changed to the new value `abcdef`. However, attempting to use this new value for the PIN will fail with an incorrect PIN warning. In actuality, the new value for the PIN will be `7abcdef`, with the extra characters provided for the current PIN being prefixed to the supplied value for the new PIN.
 
 === Underlying Causes
 This behavior arises from the OpenPGP Card specification, which has an unfortunate ambiguity around the change PIN functionality.
diff --git a/content/PIV/Guides/Securing_SSH_with_OpenPGP_or_PIV.adoc b/content/PIV/Guides/Securing_SSH_with_OpenPGP_or_PIV.adoc
index 0c8239626..4f83380a0 100644
--- a/content/PIV/Guides/Securing_SSH_with_OpenPGP_or_PIV.adoc
+++ b/content/PIV/Guides/Securing_SSH_with_OpenPGP_or_PIV.adoc
@@ -70,10 +70,10 @@ link:../../SSH/Securing_SSH_with_FIDO2.html[Securing SSH with FIDO2]
 
 * FIDO2 allows for the direct generation of keys within the YubiKey itself, removing the need for a PKI framework or other applications for the generation of keys. OpenSSH directly interfaces with the FIDO2 function on the YubiKey, allowing it to select the key algorithm, as well as generating both discoverable as well as non-discoverable credentials.
 
-* With the support for both discoverable and non-discoverable FIDO2 credentials, FIDO2 allows SSH options for both local, secured endpoints with expidated ease of uses in addition to public open endpoints where credentials should remain on the YubiKey.
+* With the support for both discoverable and non-discoverable FIDO2 credentials, FIDO2 allows SSH options for both local, secured endpoints with expedited ease of uses in addition to public open endpoints where credentials should remain on the YubiKey.
 
 ==== Drawbacks to FIDO2
 
 * Windows does not yet support FIDO2 on SSH as of the last update to this page.
 
-* FIDO2 is based around a decentalized deployment, with no central server issuing or revoking keys. Keys must be indivdually deleted to revoke access in the event of lost or stolen YubiKeys.
+* FIDO2 is based around a decentralized deployment, with no central server issuing or revoking keys. Keys must be individually deleted to revoke access in the event of lost or stolen YubiKeys.
diff --git a/content/PIV/Guides/Smart_card-only_authentication_on_macOS.adoc b/content/PIV/Guides/Smart_card-only_authentication_on_macOS.adoc
index 7db124eda..23fff4432 100644
--- a/content/PIV/Guides/Smart_card-only_authentication_on_macOS.adoc
+++ b/content/PIV/Guides/Smart_card-only_authentication_on_macOS.adoc
@@ -55,7 +55,7 @@ The YubiKey is now required for all authentication tasks on the system.
 === Additional options
 
 Note that even though this guide uses self-signed certificates, any
-pair of certifcates stored in slot 9a and 9d may be used for pairing. To also verify that
+pair of certificates stored in slot 9a and 9d may be used for pairing. To also verify that
 the certificates used are trusted, configure the `checkCertificateTrust` option in the profile.
 
 The `tokenRemovalAction` may be added to the profile to automatically start the screensaver
diff --git a/content/SSH/Securing_SSH_with_FIDO2.adoc b/content/SSH/Securing_SSH_with_FIDO2.adoc
index a71b9b74b..3bf73b1cd 100644
--- a/content/SSH/Securing_SSH_with_FIDO2.adoc
+++ b/content/SSH/Securing_SSH_with_FIDO2.adoc
@@ -150,7 +150,7 @@ In addition to a native SSH client, the Windows OpenSSH beta release also contai
 . The SSH identity files (id_ecdsa_sk and  id_ecdsa_sk.pub) must be available in `~/.ssh/`
 
 
-Once those prerequisities are met, the openSSH client inside the WSL environment can be used seamlessly with the YubiKey plugged into the Windows host.
+Once those prerequisites are met, the openSSH client inside the WSL environment can be used seamlessly with the YubiKey plugged into the Windows host.
 
 
 == Troubleshooting
diff --git a/content/U2F/Libraries/Advanced_topics.adoc b/content/U2F/Libraries/Advanced_topics.adoc
index de5a204c4..d415013f6 100644
--- a/content/U2F/Libraries/Advanced_topics.adoc
+++ b/content/U2F/Libraries/Advanced_topics.adoc
@@ -1,10 +1,10 @@
 == Advanced Topics
 
 === Challenge Expiration
-While the lifespan of a challenge is not explictly defined in the U2F protocol, it is good practice to treat challenges older than _X_ minutes as expired. The ideal lifespan of a challenge depends on the latency of the connection as well as the ammount of time permitted to a user to interact with their U2F authenticator.
+While the lifespan of a challenge is not explicitly defined in the U2F protocol, it is good practice to treat challenges older than _X_ minutes as expired. The ideal lifespan of a challenge depends on the latency of the connection as well as the amount of time permitted to a user to interact with their U2F authenticator.
 
 === Device counters
-U2F devices sends an link:https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-overview-v1.2-ps-20170411.html#counters-as-a-signal-for-detecting-cloned-u2f-devices[incrementing usage counter] to the server upon authentication. This counter is stored internally by the U2F authenticator and increments on each authentication event. The U2F library uses this counter to prevent the use of cloned devices, comparing the counter submitted by U2F authentcator against the value submitted during the last successful authentication event for that U2F device. For this protection to work, you have to persist the device info after each authentication. However, all U2F compatible devices by Yubico uses tamper-resistant Secure Elements designed to mitigate attempts to clone the device.
+U2F devices sends an link:https://fidoalliance.org/specs/fido-u2f-v1.2-ps-20170411/fido-u2f-overview-v1.2-ps-20170411.html#counters-as-a-signal-for-detecting-cloned-u2f-devices[incrementing usage counter] to the server upon authentication. This counter is stored internally by the U2F authenticator and increments on each authentication event. The U2F library uses this counter to prevent the use of cloned devices, comparing the counter submitted by U2F authenticator against the value submitted during the last successful authentication event for that U2F device. For this protection to work, you have to persist the device info after each authentication. However, all U2F compatible devices by Yubico uses tamper-resistant Secure Elements designed to mitigate attempts to clone the device.
 
 image:https://developers.yubico.com/U2F/Protocol_details/auth_flow4.svg[]
 
diff --git a/content/U2F/Standalone_servers/U2FVAL_REST_API.adoc b/content/U2F/Standalone_servers/U2FVAL_REST_API.adoc
index eb332c849..635d2b57d 100644
--- a/content/U2F/Standalone_servers/U2FVAL_REST_API.adoc
+++ b/content/U2F/Standalone_servers/U2FVAL_REST_API.adoc
@@ -42,7 +42,7 @@ The arguments passed to the function are invalid.
 The user has no eligible devices capable of performing the requested action.
 A +DeviceDescriptor[]+ containing the users devices will be passed along with
 this error, as it is often desirable to handle a user with no registered
-devices differently from a user with devices that have been marked conpromised
+devices differently from a user with devices that have been marked compromised
 and therefore been disabled.
 
 |DeviceCompromised|12  |
@@ -153,7 +153,7 @@ array matches the request in authenticateRequests with the same index.
 
 [source,javascript]
 ----
-dictionaty AuthenticateRequestData {
+dictionary AuthenticateRequestData {
   AuthenticateRequest[] authenticateRequests;
   DeviceDescriptor[] authenticateDescriptors;
 }
@@ -183,7 +183,7 @@ dictionary AuthenticateResponseData {
   The AuthenticateResponse to return to the server for validation.
 *properties* of type +Dictionary+::
   A Dictionary of properties to set for the Device for which authentication is
-  perfomed, if authentication succeeds.
+  performed, if authentication succeeds.
 
 === HTTP resources
 
diff --git a/content/U2F/Standalone_servers/U2FVAL_REST_API_V2.adoc b/content/U2F/Standalone_servers/U2FVAL_REST_API_V2.adoc
index 70aa8436f..2199e77c5 100644
--- a/content/U2F/Standalone_servers/U2FVAL_REST_API_V2.adoc
+++ b/content/U2F/Standalone_servers/U2FVAL_REST_API_V2.adoc
@@ -48,7 +48,7 @@ The arguments passed to the function are invalid.
 The user has no eligible devices capable of performing the requested action.
 A `DeviceDescriptor[]` containing the users devices will be passed along with
 this error, as it is often desirable to handle a user with no registered
-devices differently from a user with devices that have been marked conpromised
+devices differently from a user with devices that have been marked compromised
 and therefore been disabled.
 
 |DeviceCompromised|12  |
@@ -189,7 +189,7 @@ authentication. Each descriptor in the descriptors array matches the
 
 [source,javascript]
 ----
-dictionaty SignRequestData {
+dictionary SignRequestData {
   DOMString appId;
   DOMString challenge;
   RegisteredKey[] registeredKeys;
diff --git a/content/WebAuthn/Concepts/Handle_WebKit_User_Gesture.adoc b/content/WebAuthn/Concepts/Handle_WebKit_User_Gesture.adoc
index ce017a312..e1b87e434 100644
--- a/content/WebAuthn/Concepts/Handle_WebKit_User_Gesture.adoc
+++ b/content/WebAuthn/Concepts/Handle_WebKit_User_Gesture.adoc
@@ -3,7 +3,7 @@
 Learn how to overcome WebKits guardrails requiring the creation of new WebAuthn credentials to be triggered by user gestures
 
 == Overview
-The technical aspects of WebAuthn are standardized by the specification, but aspects of the User Experience are left up to not only the Developers of Web Applications, but by those developing Operating Systems, Platforms, Devices, and Browsers. This means that while developing your application, you need to take into account the behaviros of the system(s) that your user will be using to access your Web Application. Part of this could include prompts, menus, pop-ups that are displayed to the user, but there can exist constraints on how WebAuthn methods are triggered.
+The technical aspects of WebAuthn are standardized by the specification, but aspects of the User Experience are left up to not only the Developers of Web Applications, but by those developing Operating Systems, Platforms, Devices, and Browsers. This means that while developing your application, you need to take into account the behaviors of the system(s) that your user will be using to access your Web Application. Part of this could include prompts, menus, pop-ups that are displayed to the user, but there can exist constraints on how WebAuthn methods are triggered.
 
 One occurrence of this is Apple’s implementation in WebKit. WebKit will only allow a user to register a new credential with TouchID or FaceID if the request is triggered by a User Gesture. link:https://webkit.org/blog/11312/meet-face-id-and-touch-id-for-the-web/[Apple’s reasoning behind this design choice can be found here]. In this document we will explore the concept of User Gestures, the potential impacts to the design of an application, and how to incorporate the required gesture into an existing application.
 
@@ -50,7 +50,7 @@ In this example you have a React component named Register. Register has a form f
     return(
       <>
         {/*
-        * In this space add a form handler to allow the user to enter their choosen username
+        * In this space add a form handler to allow the user to enter their chosen username
         */}
         <button
           onClick={SignUp}
@@ -79,7 +79,7 @@ Apple has defined a user gesture as user activated events such as:
   * Keydown
   * Etc..
 
-The example above shows that it's required for a user to press the “Registration” button to begin the credential creation process. But if you attmempt to register with WebKit you'll still receive an error. While the button click is a user activated event, the moment you begin to call out to the WebAuthn component’s signUp method, you have left the current “context” of the event/button click. The event is not sent to the signUp() method, and subsequently also not be sent to the create() method when attempting to create the credential - meaning that WebKit will NOT allow the create() method to execute.
+The example above shows that it's required for a user to press the “Registration” button to begin the credential creation process. But if you attempt to register with WebKit you'll still receive an error. While the button click is a user activated event, the moment you begin to call out to the WebAuthn component’s signUp method, you have left the current “context” of the event/button click. The event is not sent to the signUp() method, and subsequently also not be sent to the create() method when attempting to create the credential - meaning that WebKit will NOT allow the create() method to execute.
 
 The easy fix would be to change the button event handler to call directly to your Authentication service to get the challenge, and within the same context trigger the create() method. While this solution works, it goes against the principle of not creating duplicate logic across the code of the application. If you were to make a change in the WebAuthn component, you would then need to make the change in the other event handlers that call the create() method.
 
@@ -101,8 +101,8 @@ Below is sample code that will help your application determine what platform + b
   *This is not enough to determine if a device is Mac + Safari
   *Example of userAgent on mac + chrome
   *'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36'
-  *There is a similar occurance on mac + Edge
-  *What we want to do is establish that the browser is an Apple devie, and not running Chrome or Edge, but is running Safari
+  *There is a similar occurrence on mac + Edge
+  *What we want to do is establish that the browser is an Apple device, and not running Chrome or Edge, but is running Safari
   */
   function isWebKitDevice(){
     const { userAgent } = navigator;
@@ -209,7 +209,7 @@ Now that you have a component to handle WebKit, you need a way for it to appear
     return(
       <>
         {/*
-        * In this space add a form handler to allow the user to enter their choosen username
+        * In this space add a form handler to allow the user to enter their chosen username
         */}
         <button
           onClick={SignUp}
diff --git a/content/WebAuthn/Concepts/Using_WebAuthn_for_Signing.adoc b/content/WebAuthn/Concepts/Using_WebAuthn_for_Signing.adoc
index 0eb152923..f4e30b813 100644
--- a/content/WebAuthn/Concepts/Using_WebAuthn_for_Signing.adoc
+++ b/content/WebAuthn/Concepts/Using_WebAuthn_for_Signing.adoc
@@ -3,7 +3,7 @@
 While WebAuthn was designed primarily for authentication, the framework can be extended to support signing with keypairs generated on authenticators without requiring custom clients for end users.
 
 == Overview
-During a standard WebAuthn interaction, a WebAuthn authenticator creates a unique asymmetric keypair with a relying party at registration, with the private key residing only on the authenticator and the public key sent back. As part of the registration event, a challenge from the relying party is signed with the unique keypair and returned. Afterwards, an authentication event uses this key pair to sign a challenge which includes a random string provided by the relying party. In short, the registration and authenticaiton events consists of a cryptographic signing process with the public key returned, which is then used to sign a data set which is provided by the relying party. Replacing the randomly generated challenge with a hash of a file to be signed allows this signature flow to be applied to actual documentation, with the public key also available for verification after the fact.
+During a standard WebAuthn interaction, a WebAuthn authenticator creates a unique asymmetric keypair with a relying party at registration, with the private key residing only on the authenticator and the public key sent back. As part of the registration event, a challenge from the relying party is signed with the unique keypair and returned. Afterwards, an authentication event uses this key pair to sign a challenge which includes a random string provided by the relying party. In short, the registration and authentication events consists of a cryptographic signing process with the public key returned, which is then used to sign a data set which is provided by the relying party. Replacing the randomly generated challenge with a hash of a file to be signed allows this signature flow to be applied to actual documentation, with the public key also available for verification after the fact.
 
 The main advantages to this flow is it allows for any cryptographic algorithm supported by the WebAuthn framework to be used, and can leverage the existing WebAuthn support in browsers or local APIs. All of the modifications required would be limited to the WebAuthn libraries/servers owned by the relying party, permitting a service to implement arbitrary file signing without requiring significant user commitment.
 
@@ -16,7 +16,7 @@ In the link:https://www.w3.org/TR/webauthn-2/#sctn-op-make-cred[MakeCredential]
 
 Further, the link:https://www.w3.org/TR/webauthn-2/#enum-userVerificationRequirement[User Verification] behavior is also defined by the MakeCredential operation, allowing a relying party to define if the credential will require a PIN or biometric supplied by the user to be created. This is recommended to ensure the user has defined a PIN and/or biometric identifier for their WebAuthn Authenticator. This can allow for securing keypairs used for signing to only valid users of the WebAuthn Authenticator, by also defining the User Verification as required for the Authentication events leveraged for signing.
 
-In addition, it is also recommneded link:https://www.w3.org/TR/webauthn-2/#sctn-attestation[Attestation] is enabled during the registration event to verify the authenticity of the WebAuthn authenticator being used. Other fields in the MakeCredential can be provided with other identifying information or left to default values. However, it is important to note the originID (specifically, the rp.id value) should match the endpoint the user is provided to access the signing service, as is the case in a standard WebAuthn service.
+In addition, it is also recommended link:https://www.w3.org/TR/webauthn-2/#sctn-attestation[Attestation] is enabled during the registration event to verify the authenticity of the WebAuthn authenticator being used. Other fields in the MakeCredential can be provided with other identifying information or left to default values. However, it is important to note the originID (specifically, the rp.id value) should match the endpoint the user is provided to access the signing service, as is the case in a standard WebAuthn service.
 
 With the MakeCredential operation creating a keypair with the algorithm defined, the link:https://www.w3.org/TR/webauthn-2/#sctn-op-get-assertion[GetAssertion] operation is used to actually sign the data. The GetAssertion flow also supplies a challenge from the relying party to the authenticator to be signed as part of the link:https://www.w3.org/TR/webauthn-2/#sctn-verifying-assertion[Authentication] ceremony. This challenge can be replaced with a hash of the document to be signed, creating an association with the document or data set to be signed. The method in which this hash is generated should be determined by the capabilities of the environment and security requirements under which the application is run. 
 
diff --git a/content/WebAuthn/WebAuthn_Developer_Guide/Resident_Keys.adoc b/content/WebAuthn/WebAuthn_Developer_Guide/Resident_Keys.adoc
index 1bec3177e..bbfe5e2aa 100644
--- a/content/WebAuthn/WebAuthn_Developer_Guide/Resident_Keys.adoc
+++ b/content/WebAuthn/WebAuthn_Developer_Guide/Resident_Keys.adoc
@@ -42,6 +42,6 @@ In this configuration, the authenticator will only display the credentials assoc
 In this configuration, no discoverable credential information will be returned unless it is preceded by user verification.
 The credential protection policy is set by an RP at registration; the policy is applied to the created discoverable key and not the authenticator as a whole. Further, the user verification extension must be set to required for the credential protection to function correctly - failure to do so may result in the credential never being exposed for even valid authentication events. The authenticator does need to be able to interpret the credential protection request to properly create the credential, limiting support to the new YubiKey 5Ci and other YubiKeys with the 5.2.3 firmware. 
 
-All of the User Verification options only apply to discoveralble credentials. If residentKey is set to false for registration by a relying party, these options will not be applied as the created credential cannot be discovered.
+All of the User Verification options only apply to discoverable credentials. If residentKey is set to false for registration by a relying party, these options will not be applied as the created credential cannot be discovered.
 
 link:Algorithms.adoc[Next: Algorithms]
diff --git a/content/YubiHSM2/Commands/Import_Wrapped.adoc b/content/YubiHSM2/Commands/Import_Wrapped.adoc
index 452612f3a..20126a997 100644
--- a/content/YubiHSM2/Commands/Import_Wrapped.adoc
+++ b/content/YubiHSM2/Commands/Import_Wrapped.adoc
@@ -30,7 +30,7 @@ I := link:../Concepts/Object_ID.adoc[Object ID] of the Wrap Key (2 bytes)
 
 N := Nonce associated with this wrapped Object (13 bytes)
 
-O := Wrapped link:../Concepts/Object.adoc[Object] (Length dependant on Object)
+O := Wrapped link:../Concepts/Object.adoc[Object] (Length dependent on Object)
 
 === Response
 
diff --git a/content/YubiHSM2/Component_Reference/python-yubihsm/index.adoc b/content/YubiHSM2/Component_Reference/python-yubihsm/index.adoc
index 8e6d4f787..2a645a2d7 100644
--- a/content/YubiHSM2/Component_Reference/python-yubihsm/index.adoc
+++ b/content/YubiHSM2/Component_Reference/python-yubihsm/index.adoc
@@ -21,7 +21,7 @@ Successfully installed asn1crypto-0.22.0 cffi-1.10.0 cryptography-1.8.1 enum34-1
 (yubihsm) $
 ....
 
-NOTE: The `cryptography` dependency uses C extensions, and therfore has some build
+NOTE: The `cryptography` dependency uses C extensions, and therefore has some build
 dependencies. For detailed instructions on getting building, see:
 https://cryptography.io/en/latest/installation/
 
diff --git a/content/YubiHSM2/Releases/Known_issues.adoc b/content/YubiHSM2/Releases/Known_issues.adoc
index 272e4a6c4..820feab3c 100644
--- a/content/YubiHSM2/Releases/Known_issues.adoc
+++ b/content/YubiHSM2/Releases/Known_issues.adoc
@@ -50,11 +50,11 @@ The tool uses a catch-all for the rest which may not be correct.
 === PKCS#11 Module Limitations
 
 - The PKCS#11 module only supports symmetric encryption with `CKM_YUBICO_AES_CCM_WRAP`. Support for `CKK_AES` or `CKM_AES_CBC` was added in firmware version 2.3 and `yubihsm-shell` 2.4.0
-- `CKA_ID` can only be two bytes long on the device and is therefore truncated to that length. Support for longer values is introduced in version 2.4.0 via the use of Meta Objects (See PKCS#11 wiht JAVA in link:../Component_Reference/PKCS_11/index.adoc[PKCS#11 with YubiHSM 2])
-- `CKA_LABEL` is maximum 40 bytes.  Support for longer values is introduced in version 2.4.0 via the use of Meta Objects (See PKCS#11 wiht JAVA in link:../Component_Reference/PKCS_11/index.adoc[PKCS#11 with YubiHSM 2])
+- `CKA_ID` can only be two bytes long on the device and is therefore truncated to that length. Support for longer values is introduced in version 2.4.0 via the use of Meta Objects (See PKCS#11 with JAVA in link:../Component_Reference/PKCS_11/index.adoc[PKCS#11 with YubiHSM 2])
+- `CKA_LABEL` is maximum 40 bytes.  Support for longer values is introduced in version 2.4.0 via the use of Meta Objects (See PKCS#11 with JAVA in link:../Component_Reference/PKCS_11/index.adoc[PKCS#11 with YubiHSM 2])
 - `C_InitPIN()`, `C_SetPIN()` and `C_InitToken()` are not supported. Equivalent operations have to be done through other interfaces (e.g., `yubihsm-shell`).
 - `C_CopyObject()` is not supported. Objects are never modifiable after creation
-- `C_SetAttributeValue()` can only be used to set `CKA_ID` or `CKA_LABEL` on an object via the use of Meta Objects with version 2.4.0 or later (See PKCS#11 wiht JAVA in link:../Component_Reference/PKCS_11/index.adoc[PKCS#11 with YubiHSM 2]). Prior to 2.4.0, C_SetAttributeValue could only be used to set the same CKA_ID or CKA_LABEL on an object, not to change it.
+- `C_SetAttributeValue()` can only be used to set `CKA_ID` or `CKA_LABEL` on an object via the use of Meta Objects with version 2.4.0 or later (See PKCS#11 with JAVA in link:../Component_Reference/PKCS_11/index.adoc[PKCS#11 with YubiHSM 2]). Prior to 2.4.0, C_SetAttributeValue could only be used to set the same CKA_ID or CKA_LABEL on an object, not to change it.
 
 === EdDSA Limitations
 
diff --git a/content/YubiHSM2/Releases/Release_notes.adoc b/content/YubiHSM2/Releases/Release_notes.adoc
index 54ec90117..d2f182454 100644
--- a/content/YubiHSM2/Releases/Release_notes.adoc
+++ b/content/YubiHSM2/Releases/Release_notes.adoc
@@ -89,8 +89,8 @@
 * PKCS11: Improve handling of attributes
 * PKCS11: Improve debug output
 * PKCS11: Improve error handling
-* PKCS11: Change in firmware/harware version representation. The version as reported by C_GetSlotInfo and C_GetTokenInfo will now show minor*10+patch, instead of minor*100+patch
-* Build: Dependecy updates
+* PKCS11: Change in firmware/hardware version representation. The version as reported by C_GetSlotInfo and C_GetTokenInfo will now show minor*10+patch, instead of minor*100+patch
+* Build: Dependency updates
 * Connector: Add changelog
 * Connector: Minor code improvements
 
@@ -224,7 +224,7 @@
 * Install: YubiHSM Shell has 32 and 64-bit MSI installers for Windows
 * PKCS11: Enable .Net to load yubihsm-pkcs11.dylib
 * Library: Add a session identifier for the backend
-* Libray/KSP: Make the backend more thread-safe on Windows
+* Library/KSP: Make the backend more thread-safe on Windows
 * Library/Shell: Build with Windows with Visual Studio 2019
 * Shell: Update build scripts to account for changes in newer MACOS
 * Shell: Honor the base64 format when returning a public key
diff --git a/content/YubiHSM2/Usage_Guides/OpenSSH_certificates.adoc b/content/YubiHSM2/Usage_Guides/OpenSSH_certificates.adoc
index c27d7ecaf..ab306ac43 100644
--- a/content/YubiHSM2/Usage_Guides/OpenSSH_certificates.adoc
+++ b/content/YubiHSM2/Usage_Guides/OpenSSH_certificates.adoc
@@ -218,7 +218,7 @@ $ pipenv run yubihsm-ssh-tool templ -T timestamp_pub.pem -k 10 -b 300 -a 36000 -
 
 Here, the file `timestamp_pub.pem` contains the timestamp certificate
 public key, the CA key ID is 10, certificates should only be issued
-if their validity is at most 5 minutes in the past (to accomodate
+if their validity is at most 5 minutes in the past (to accommodate
 for clock skew) and at most 10 hours in the future. Also, certificates
 for user `root` are not allowed.
 
diff --git a/content/YubiHSM2/Usage_Guides/Using_YubiHSM2_with_Java/XML_signing_with_YubiHSM2.adoc b/content/YubiHSM2/Usage_Guides/Using_YubiHSM2_with_Java/XML_signing_with_YubiHSM2.adoc
index 7ed8f1249..baef2f00c 100644
--- a/content/YubiHSM2/Usage_Guides/Using_YubiHSM2_with_Java/XML_signing_with_YubiHSM2.adoc
+++ b/content/YubiHSM2/Usage_Guides/Using_YubiHSM2_with_Java/XML_signing_with_YubiHSM2.adoc
@@ -119,14 +119,14 @@ make: *** [verify] Error 7
 In this case, either the XML document was changed after its signature was generated, or the public key in the certificate does not match the private key used for signing.
 Either way, the XML signature cannot be used to establish trust in the XML document's authenticity.
 
-For more informatin, see link:https://shibboleth.atlassian.net/wiki/spaces/XSTJ3/pages/2369683717/Using+PKCS11+Credentials[Using PKCS11 Credentials] from the `xmlsectool` documentation.
+For more information, see link:https://shibboleth.atlassian.net/wiki/spaces/XSTJ3/pages/2369683717/Using+PKCS11+Credentials[Using PKCS11 Credentials] from the `xmlsectool` documentation.
 
 === A real-world example: SAML metadata signing
 
 One example application of using XML signatures is in identity federation, where users can logon to a web application after authenticating somewhere else.
 A well-known protocol used for identity federation is SAML 2.0, and this protocol is based on XML.
 
-The parties where users may want to logon (called Service Provicers) need to exchange information with the parties where users authenticate (called Identity Providers),
+The parties where users may want to logon (called Service Providers) need to exchange information with the parties where users authenticate (called Identity Providers),
 and this link:https://en.wikipedia.org/wiki/SAML_metadata[SAML 2.0 Metadata] is typically signed using XML Signatures so it can be automatically verified by SAML peers.
 
 Consider the following SAML 2.0 metadata document for a ficticious Service Provider which specifies its identifier (entity ID), its SAML signing certificate and 
diff --git a/content/YubiHSM2/Usage_Guides/YubiHSM2_for_ADCS_Guide/Configuring_the_Primary_YubiHSM_2_Device.adoc b/content/YubiHSM2/Usage_Guides/YubiHSM2_for_ADCS_Guide/Configuring_the_Primary_YubiHSM_2_Device.adoc
index 62a1e4076..747d7aeaa 100644
--- a/content/YubiHSM2/Usage_Guides/YubiHSM2_for_ADCS_Guide/Configuring_the_Primary_YubiHSM_2_Device.adoc
+++ b/content/YubiHSM2/Usage_Guides/YubiHSM2_for_ADCS_Guide/Configuring_the_Primary_YubiHSM_2_Device.adoc
@@ -117,7 +117,7 @@ Stored application authentication key with ID 0x0003 on the device
 Saved wrapped application authentication key to {path} 0x0003.yhw
 ....
 
-The wrapped application authentication key (0x0003.yhw) has been saved to the same path as the location of the YubiHSM Setup program. Although encrypted using the wrap key, we recommend that you do not store keys under wrap on a network-accessible or otherwise potentially comprisable storage media. Leave the file where it was saved for now, as it will be used later to create a backup. You can remove the application authentication key afterwards.
+The wrapped application authentication key (0x0003.yhw) has been saved to the same path as the location of the YubiHSM Setup program. Although encrypted using the wrap key, we recommend that you do not store keys under wrap on a network-accessible or otherwise potentially compromisable storage media. Leave the file where it was saved for now, as it will be used later to create a backup. You can remove the application authentication key afterwards.
 
 *Step 9*	 The final step of the YubiHSM 2 setup process is to decide whether to create an audit key. The audit key is used to access the internal audit log of the device which holds information about the last 62 operations performed. It is also used to reset the log if needed. Depending on your local requirements, you may not need to create an audit key. If you are unsure of your requirements,
 we suggest you create an audit key.
diff --git a/content/YubiHSM2/Usage_Guides/YubiHSM_2_Windows_Deployment_Guide--Configure_YubiHSM_2_Key_Storage_Provider_for_Microsoft_Windows_Server/Install_the_YubiHSM_Tools_and_Software.adoc b/content/YubiHSM2/Usage_Guides/YubiHSM_2_Windows_Deployment_Guide--Configure_YubiHSM_2_Key_Storage_Provider_for_Microsoft_Windows_Server/Install_the_YubiHSM_Tools_and_Software.adoc
index 56d7fe611..2978a3615 100644
--- a/content/YubiHSM2/Usage_Guides/YubiHSM_2_Windows_Deployment_Guide--Configure_YubiHSM_2_Key_Storage_Provider_for_Microsoft_Windows_Server/Install_the_YubiHSM_Tools_and_Software.adoc
+++ b/content/YubiHSM2/Usage_Guides/YubiHSM_2_Windows_Deployment_Guide--Configure_YubiHSM_2_Key_Storage_Provider_for_Microsoft_Windows_Server/Install_the_YubiHSM_Tools_and_Software.adoc
@@ -53,7 +53,7 @@ SERVICE_NAME: certsvc
         DEPENDENCIES       : yhconsrv
         SERVICE_START_NAME : localSystem
 ....
-To remove depedencies for ACDS, use the same command for adding depedencies with a blank depend field: `sc config "certsvc" depend=""`
+To remove dependencies for ACDS, use the same command for adding dependencies with a blank depend field: `sc config "certsvc" depend=""`
 
 
 
diff --git a/content/YubiHSM2/Usage_Guides/YubiHSM_2_for_Microsoft_SQL_Server_Deployment_Guide--Enabling_Always_Encrypted_with_YubiHSM_2/Basic_Setup_of_YubiHSM_2_and_SQL_Server.adoc b/content/YubiHSM2/Usage_Guides/YubiHSM_2_for_Microsoft_SQL_Server_Deployment_Guide--Enabling_Always_Encrypted_with_YubiHSM_2/Basic_Setup_of_YubiHSM_2_and_SQL_Server.adoc
index 188c8410b..67f21a4a9 100644
--- a/content/YubiHSM2/Usage_Guides/YubiHSM_2_for_Microsoft_SQL_Server_Deployment_Guide--Enabling_Always_Encrypted_with_YubiHSM_2/Basic_Setup_of_YubiHSM_2_and_SQL_Server.adoc
+++ b/content/YubiHSM2/Usage_Guides/YubiHSM_2_for_Microsoft_SQL_Server_Deployment_Guide--Enabling_Always_Encrypted_with_YubiHSM_2/Basic_Setup_of_YubiHSM_2_and_SQL_Server.adoc
@@ -32,7 +32,7 @@ image::ex-test-database.png[]
 
 **Figure 2 - Example of test database**
 
-*Step 2* Expland *Databases > Sales3 > Tables*, right-click on *Tables* and select *Create new table…* Add some columns, for example "Name”, “Address”, “ZipCode”, “City”, “Country”. Save the table and give it the name “Table_Customers” for example.
+*Step 2* Expand *Databases > Sales3 > Tables*, right-click on *Tables* and select *Create new table…* Add some columns, for example "Name”, “Address”, “ZipCode”, “City”, “Country”. Save the table and give it the name “Table_Customers” for example.
 
 image::ex-test-table.png[]
 
diff --git a/content/YubiHSM2/Usage_Guides/YubiHSM_2_for_Microsoft_SQL_Server_Deployment_Guide--Enabling_Always_Encrypted_with_YubiHSM_2/Configure_SSMS_for_Database_Encryption.adoc b/content/YubiHSM2/Usage_Guides/YubiHSM_2_for_Microsoft_SQL_Server_Deployment_Guide--Enabling_Always_Encrypted_with_YubiHSM_2/Configure_SSMS_for_Database_Encryption.adoc
index f0d735e5b..8f74c4cd6 100644
--- a/content/YubiHSM2/Usage_Guides/YubiHSM_2_for_Microsoft_SQL_Server_Deployment_Guide--Enabling_Always_Encrypted_with_YubiHSM_2/Configure_SSMS_for_Database_Encryption.adoc
+++ b/content/YubiHSM2/Usage_Guides/YubiHSM_2_for_Microsoft_SQL_Server_Deployment_Guide--Enabling_Always_Encrypted_with_YubiHSM_2/Configure_SSMS_for_Database_Encryption.adoc
@@ -2,7 +2,7 @@
 
 To configure Microsoft SQL Server and SSMS with the basic database settings needed for testing Always Encrypted in conjunction with YubiHSM 2, set SSMS to display the encrypted columns in clear text.
 
-*Step 1* Click the *Connect Object Explorer* icon. The *Connect to Server* window appears. Click *Options, select the *Always Encrypted* tab, and seleck *Enable Always Encrypted (column encryption)*. To make the changes take effect, click the *Disconnect* icon and then the *Connect* icon.
+*Step 1* Click the *Connect Object Explorer* icon. The *Connect to Server* window appears. Click *Options, select the *Always Encrypted* tab, and select *Enable Always Encrypted (column encryption)*. To make the changes take effect, click the *Disconnect* icon and then the *Connect* icon.
 
 image::23-enable-always-encrypted-in-ssms.png[]
 
diff --git a/content/projects/yubikit-ios/Guidelines.partial b/content/projects/yubikit-ios/Guidelines.partial
index d36845665..7aa037b99 100755
--- a/content/projects/yubikit-ios/Guidelines.partial
+++ b/content/projects/yubikit-ios/Guidelines.partial
@@ -17,13 +17,13 @@
 <li>The application receives a session from the server (#6) and navigates to the main UI (#7).</li>
 </ol>
 
-<p>Not all iOS devices support NFC reading. Some devices may have older versions of iOS or some may not have access to the NFC reading capability. To address such an issue, the enrolment flow can include a <em>desktop bridged</em> solution. In such a scenario a secret can be generated on a desktop app or website and send it to the application by encoding it into a QR code. YubiKit provides the ability to scan QR codes for this purpose. Consult the library documentation to find out how this can be done.</p>
+<p>Not all iOS devices support NFC reading. Some devices may have older versions of iOS or some may not have access to the NFC reading capability. To address such an issue, the enrollment flow can include a <em>desktop bridged</em> solution. In such a scenario a secret can be generated on a desktop app or website and send it to the application by encoding it into a QR code. YubiKit provides the ability to scan QR codes for this purpose. Consult the library documentation to find out how this can be done.</p>
 
 <p><img src="docassets/QR2FA.png" alt="QR2FA"></p>
 
 <p>The authentication in this scenario is very similar with the NFC scanning. The only difference is on the second step of the authentication (#4) where the secret is generated on a desktop machine using a <strong>YubiKey</strong> (#4.1, #4.2). The requirement to use the YubiKey is important because the generation of the QR code should not be allowed unless the user is strongly authenticated.</p>
 
-<p>To simplify the design, the desktop/web app can ask the user to authenticate with the YubiKey (OTP, U2F, etc.) and then use again the YubiKey to generate a OTP which is encoded in the QR Code. In this case a unified design for the enrolment APIs from the server can be used, where the OTP source is considered secure, as long as a YubiKey was used in the process.</p>
+<p>To simplify the design, the desktop/web app can ask the user to authenticate with the YubiKey (OTP, U2F, etc.) and then use again the YubiKey to generate a OTP which is encoded in the QR Code. In this case a unified design for the enrollment APIs from the server can be used, where the OTP source is considered secure, as long as a YubiKey was used in the process.</p>
 
 <h2 id="toc_2">2. Using Yubico OTP as 1FA</h2>
 
@@ -39,14 +39,14 @@
 
 <p>After following these steps, the server will be able to validate the Yubico OTPs received from the key for that specific account.</p>
 
-<p>Next, when the user wants to enrol or authenticate using the mobile app, he/she can use directly the Yubico OTP for both identity lookup and authentication.</p>
+<p>Next, when the user wants to enroll or authenticate using the mobile app, he/she can use directly the Yubico OTP for both identity lookup and authentication.</p>
 
 <p><img src="docassets/OTP1FA.png" alt="OTP1FA" title="Using the Yubico OTP from the YubiKey for 1FA"></p>
 
 <ol>
 <li>The application asks the user to scan the YubiKey.</li>
 <li>The application reads the OTP from the YubiKey using YubiKit (#1).</li>
-<li>The application validates the user identity agains the server by sending only the OTP to the server(#2).</li>
+<li>The application validates the user identity against the server by sending only the OTP to the server(#2).</li>
 <li>The server receives the login request and derives from it the Public ID, finds the associated account and validates the OTP for that account (#2). </li>
 <li>The application receives a session from the server (#3) and navigates to the main UI (#4)</li>
 </ol>
@@ -57,33 +57,33 @@
 
 <hr>
 
-<h2 id="toc_3">3. Using the YubiKey for one time enrolments</h2>
+<h2 id="toc_3">3. Using the YubiKey for one time enrollments</h2>
 
-<p>Some applications may have UX requirements where using always the YubiKey can be an impediment for the usability of the application. In a scenario where the application is used very often for a very short time, an enrolment mechanism involving the YubiKey can be used instead. On first run, the application asks the user to authorise/enrol the application using a YubiKey. The app requires again the usage of the YubiKey <em>on demand</em>, only when important requests are performed by the client.</p>
+<p>Some applications may have UX requirements where using always the YubiKey can be an impediment for the usability of the application. In a scenario where the application is used very often for a very short time, an enrollment mechanism involving the YubiKey can be used instead. On first run, the application asks the user to authorise/enroll the application using a YubiKey. The app requires again the usage of the YubiKey <em>on demand</em>, only when important requests are performed by the client.</p>
 
-<p>To increase the security of this approach a <em>time limited enrolment</em> can be used, so the user needs to reauthorise the application every [X] days. Depending on the security requirements and the type of application [X] can be shorter or longer.</p>
+<p>To increase the security of this approach a <em>time limited enrollment</em> can be used, so the user needs to reauthorise the application every [X] days. Depending on the security requirements and the type of application [X] can be shorter or longer.</p>
 
 <p>The application needs (not only in this scenario) to provide strong security when communicating with the server by taking advantage of the build-in APIs provided by iOS like <a href="https://developer.apple.com/documentation/security/keychain_services?language=objc">keychain services</a>, <a href="https://developer.apple.com/documentation/localauthentication?language=objc">local authentication framework</a> and hardware features like the <a href="https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/storing_keys_in_the_secure_enclave?language=objc">Secure Enclave</a> and <a href="https://developer.apple.com/videos/play/wwdc2014/711/">Touch ID</a>.</p>
 
-<p>The next diagram shows a possible enrolment solution, where the YubiKey is used only <em>on demand</em> when an important transaction is performed:</p>
+<p>The next diagram shows a possible enrollment solution, where the YubiKey is used only <em>on demand</em> when an important transaction is performed:</p>
 
 <p><img src="docassets/OTPEnroll.png" alt="OTP2FA" title="Enrolment example"></p>
 
-<p>The enrolment process involves three major steps:</p>
+<p>The enrollment process involves three major steps:</p>
 
 <ol>
 <li>The application requests the OTP from the YubiKey (1, 2).</li>
 <li>The application uses the Secure Enclave (SE) to create a key pair (3).</li>
-<li>The application requests from the server to enrol the instance by passing the OTP (for enrolment validation) and the public key from the generated key pair at #2, for future communication (4, 5).</li>
+<li>The application requests from the server to enroll the instance by passing the OTP (for enrollment validation) and the public key from the generated key pair at #2, for future communication (4, 5).</li>
 </ol>
 
-<p>After the enrolment process is completed once, the application will be able to use the private key to generate a signature when communicating with the server. </p>
+<p>After the enrollment process is completed once, the application will be able to use the private key to generate a signature when communicating with the server. </p>
 
 <p>In case of login: </p>
 
 <ol>
 <li>The application can build a login payload which is signed with the SE (6). The SE will prompt for Touch ID or passcode to allow the payload to be signed. </li>
-<li>The application sends the payload to the server (7), which is using the enrolment public key to validate the authenticity of the request. If the signature is confirmed the client is allowed to login (8).</li>
+<li>The application sends the payload to the server (7), which is using the enrollment public key to validate the authenticity of the request. If the signature is confirmed the client is allowed to login (8).</li>
 </ol>
 
 <p>If the user requests an important operation from the server, the application needs to send a signed request with an OTP (Double verification policy - SE signature and YubiKey):</p>
diff --git a/content/projects/yubikit-ios/index.partial b/content/projects/yubikit-ios/index.partial
index 25ded7f11..3d8383dd1 100755
--- a/content/projects/yubikit-ios/index.partial
+++ b/content/projects/yubikit-ios/index.partial
@@ -6,7 +6,7 @@
 
 <p><strong>YubiKit</strong> is an iOS library provided by Yubico to interact with YubiKeys on iOS devices. </p>
 
-<p>The library supports NFC-enabled YubiKeys and provides the APIs to request an OTP (Yubico OTP or HOTP) from the NFC YubiKeys using a NFC-enabled iOS device. The library provides also a built-in QR Code reader which can be used as an alternative enrolment mechanism for iOS devices which don&#39;t support NFC reading. </p>
+<p>The library supports NFC-enabled YubiKeys and provides the APIs to request an OTP (Yubico OTP or HOTP) from the NFC YubiKeys using a NFC-enabled iOS device. The library provides also a built-in QR Code reader which can be used as an alternative enrollment mechanism for iOS devices which don&#39;t support NFC reading. </p>
 
 <p>Starting from version 2.0.0, YubiKit adds support for the YubiKey 5Ci, a security key design by Yubico for iOS devices.</p>
 
@@ -1341,7 +1341,7 @@ fido2Service.execute(verifyPinRequest) { (error) in
 
 <ol>
 <li><p>After PIN verification, YubiKit will automatically append the required PIN auth data to the FIDO2 requests when necessary. YubiKit does not cache any PIN. Instead it&#39;s using a temporary shared token, which was agreed between the key and YubiKit as defined by the CTAP2 specifications. This token is valid as long the session is opened and it&#39;s not persistent.</p></li>
-<li><p>After verifying the PIN and executing the necessary requests with the key, the application can clear the shared token cache by calling <code>[clearUserVerification]</code> on the FIDO2 Service. This will also happen when the key is unplugged from the device or when the session is closed programatically.</p></li>
+<li><p>After verifying the PIN and executing the necessary requests with the key, the application can clear the shared token cache by calling <code>[clearUserVerification]</code> on the FIDO2 Service. This will also happen when the key is unplugged from the device or when the session is closed programmatically.</p></li>
 <li><p>After changing the PIN, a new PIN verification is required. </p></li>
 </ol>