Two-factor authentication--like that --is a step in the right direction. At least with two-factor authentication an attacker would still have to have access to your fingerprints, or physical possession of your smartphone to use in conjunction with a cracked password.

But--with or without two-factor authentication--there's no reason to make it easier than necessary for the bad guys. Passwords like "123456," or "qwertyu," or "password" don't even require any sort of , and provide attackers with at least one of the keys to your personal data and information. Also, make sure you never--under any circumstances-- with anyone.

Again, though, you can't control the security--or lack thereof--of the third-party entities you do business with online. All you can do is choose to do business with sites and services that take security seriously--and use different passwords for each site so that a breach of one doesn't become a breach of your entire online presence.