Don’t use passwords or user IDs that include personal information like your birth date or Social Security number.
Don’t use your mother’s maiden name as a security question. Pick something more obscure, like your childhood pet’s name.
Don’t leave passwords in plain view—on your monitor, for example.
Don’t use the same password for multiple sites. If crooks crack your Twitter account, they can access your bank account too.
Do create passwords that are at least 8 to 16 characters long, with a mix of capital letters, numbers, and symbols. They’re harder to crack.
Do use random pattern codes to create passwords. For example, pick two computer keys—say, 4 and 7. Type straight down the keyboard from 4 until you reach the bottom (the letter V), then type one character to the left. Then do the same for 7, this time using all caps. You now have a meaningless password that reads 4rfvc7UJMN, but all you have to remember is 47. Or use the first letter of each word in a line from a favorite song or poem.
Do change passwords often, about once a month.
Do hold your cursor over an unknown link before clicking on it, and look at the bottom of your Web browser. It will show where the link is actually taking you to.
Do note the wording before the last period of a URL (just to the left of .com, .org, .edu, etc.). It’s what counts. So paypal.com is legitimate, but paypal.1234.com is fake.
Do look out for links with the @ symbol. Browsers ignore everything to the left of it, so firstname.lastname@example.org is not a PayPal site.
Do watch for deliberate misspellings—like paypol.com—designed to trick you into clicking.