We can all be smart enough to create our passwords and PIN codes in such a way that they are not easily guessed. Frankly, this is becoming essential as services like Google Mail become the centre of your electronic universe by providing authentication to other companies and services through your ID with Google, Hotmail (Windows Live), or Facebook. You must consider the strength of your password, change it somewhat regularly, and think about how easy it might be to guess.
In my job I see people setting their password to 'CompanyName1#' or 'CompanyName2!'. This is far too easy for the social hacker to figure out, but I don't think people take corporate risks seriously. I'll let your System Administrators lecture you about that. Let's talk about YOUR security, personal security.
What is your e-mail password right now? Your kid's name, the family dog, your phone number? These are easy to find out. Do you leave a key under your front doormat? Really?
Let's consider the idea of a password. Hackers can use brute force attacks to try to break into your account, though the implementation of CAPTCHA functionality is making that more difficult. If you want to be secure, use a variety of letters, numbers, and, where possible, punctuation. For example, you can take a memorable word, 'memorable', and make it almost impossible to guess: 'm3mor@ble', 'Mem0rabl3', or 'M3Morab1e#'.
This switching of characters is fairly logical, looking at these examples:
- a (A) = @, 4
- l (L) = 1 (one), !
- e (E) = 3
- s (S) = 5
- 3 = #
As I said, examples. The key is making it your own, complex, but memorable.
Have more than one e-mail address. Keep one for correspondence, another for contests, and another for financial services. Most web-based mail services will accommodate having multiple addresses, and collecting or forwarding the mail to one account. This could even be an unpublished account. This may be my next project, to redirect all of my mail to an unpublished account, but let's not get paranoid.
I would advise that you NOT use the e-mail from your ISP; it gives them too much power, and frankly Google, Yahoo, and Microsoft (Live.com) have awesome web-based e-mail tools. That's not to say you can't download your mail or use Outlook, Thunderbird, etc., but you are better off not using the ISP-based services.
If the site is even the least bit questionable, or you're just not ready to trust The Internet, don't use your own credit card. I do NOT mean that you use someone else's, but rather, go buy a Visa or MasterCard Gift Credit Card and use that to make the purchase.
Look for sites that use PayPal. While this may not get you everything you might want to buy, the service is a very good option, and very important if you're interested in buying through eBay. You can buy many things, possibly anything, with a combination of PayPal and eBay. You don't even need a credit card! You can connect your PayPal account to a personal bank account, and while this is convenient I'd offer my sister's advice: make it an account that is for that express purpose and don't leave money in that account, so it can't be transferred (requested) by PayPal should the account ever become compromised. I wouldn't connect a credit card to your PayPal account. Using a separate e-mail for financial institutions that's not disclosed to others may also be a good idea.
Now, if you're a shopaholic do NOT go near eBay! Oh my, you can buy things so easily there. Especially when you don't see it leaving your personal account because the only way to pay is with PayPal. Though, it's like it's free money, already spent in one sense, but still not spent, but you can stick to a budget this way.
Keeping it locked down. PayPal and eBay offer you a relatively new form of protection, the Verisign ID. You can either purchase a fob (like a key-chain trinket) that will display seemingly random but definitely not random numbers that ensure you are the holder of the fob and therefore the owner of the account, or download a smartphone application to your iPhone, Android, or BlackBerry device that serves the same purpose as the fob. Verisign's browser tool bar, fob and their mobile phone offering for iOS, Android, and BlackBerry are a great option for security. The smartphone option seems ideal, if you don't lose your phone. The browser tool bar is great if you are vigilant about locking your computer with a strong password. To see if a site you use is using this technology, click here.
PayPal.com and eBay.com allow you to use the Verisign technology to protect your accounts with them.
Using Verisign on PayPal: Enabling a Security key on PayPal
Footnote: XKCD, an on-line comic, has a good point too. Enjoy!