DON’T..Use a dictionary word as your password. If you must, then string several together into a pass phrase.
Use standard number substitutions.
DON’T..Think “P455w0rd” is a good password? N0p3! Cracking tools now have those built in.
DON’T..Use a short password—no matter how weird.
DON’T..Today’s processing speeds mean that even passwords like “h6!r$q” are quickly crackable. Your best defense is the longest possible password.
DO'S.
DO..Enable two-factor authentication when offered. When you log in from a strange location, a system like this will send you a text message with a code to confirm. Yes, that can be cracked, but it’s better than nothing.
DO..Give bogus answers to security questions. Think of them as a secondary password. Just keep your answers memorable. My first car? Why, it was a “Camper Van Beethoven Freaking Rules.”
DO..Scrub your online presence. One of the easiest ways to hack into an account is through your email and billing address information. Sites like Spokeo and WhitePages.com offer opt-out mechanisms to get your information removed from their databases.
DO..Use a unique, secure email address for password recoveries. If a hacker knows where your password reset goes, that’s a line of attack. So create a special account you never use for communications. And make sure to choose a username that isn’t tied to your name—like m****n@wired.com—so it can’t be easily guessed.