1. Whenever possible, configure your Internet connection to always use HTTPS. This is the “https” that appears before the “www” in a Web address, and the https is preceded by a padlock icon.
For Gmail, this works by clicking Settings in the top right; select the General tab, then hit Always use HTTPS, then save this setting. This option is not available for those who access email via Hotmail.
2. Do not open unfamiliar emails. If you open one you think is from someone you know but realize it’s not, delete immediately. Do not click any links in the message or send the sender personal or banking information. Once you open that link, your computer could become infected by a phishing scam and your information stolen.
3. Install anti-virus, anti-spyware and firewall on your computer and keep them updated. Automated updates are the ideal choice.
4. Do not log into your accounts from an untrusted computer (e.g., at the coffee house, library), or one that you don’t maintain (e.g., friends’ and family’s). Even if you trust your friends and family, their computer could be infected from spyware.
5. Make sure your passwords, plus security questions and answers are strong. Every six months, change your passwords. Never use the same password for different accounts. A strong password has upper and lower case letters plus numbers and punctuation, forming a non-English word.
6. Find out just how secure your passwords are. Some setups indicate strength with a rating of “weak” to “strong.” Always choose “strong.” If there’s no rating, go to How Secure Is My Password by just click on this link (https://howsecureismypassword.net/) to see how fast your account can be hacked.
On the “How Secure” site, don’t type in your actual password if you’re skittish about doing that (even though the site is secure and will never release it anywhere), but type in something similar. So if your password is “catlover,” type in “horselover” and see what happens.
7. Your password should not be on the list of the most popular passwords. Here is the full list (http://www.welivesecurity.com/2012/06/07/passwords-and-pins-the-worst-choices/). If yours is there, change it immediately, even if you must give up an easy-to-type sequence.
8. Enable two-step verification if you use Google for any activity. The two-step adds additional security to a Google account. After entering your username and password, you’ll then enter in a code that Google sends out via voicemail or text when you sign in. This will make it harder for someone to guess a password.
9. Use a password manager. This service eliminates the need to type in a password at log-in; log in with one click. A master password eliminates having to remember all your different passwords.
10. You may think your password is unique because it’s a jumble of characters, but it may not be very strong simply because it’s not long enough. The longer that uniqueness, the more uncrackable the password will be.