What the Linked breach teaches us about how to safeguard ourselves online

14.06.2012

3. Ask security-minded questions. Contact the company's customer service line or helpdesk, if they have one, and ask what kind of security they have in place for accounts and passwords. Ask the company point blank if they encrypt passwords and how. If they say "no," chances are good you do not want to have an account with them. They should be mentioning things like RC4 ciphers and 256-bit AES encryption! If the company is confident in their security, they should tell you they use firewalls, IDS, anti-virus and all kinds of other great tools. Knowledge is power, so search the web for things like "is AES secure." It is incredible what you can find with a simple search like this. But remember, just because customer service says the site is secure doesn't guarantee it is.

4. Look at what kind of data the site is asking for. Sites today want your birth date, Social Security number, address, height and weight, and eye color, and this is all for a monthly coupon site that is sending me deals in my local area? This is all very fishy (or should I say phishy). Instinct is a great tool. You wouldn't buy merchandise off a sketchy individual you just met on the street, would you? Then why would you do business with a company that is equally sketchy? Just because the website looks legit doesn't mean the people running it are. Hackers want to blend in; they want you to think that they are legit, so that by the time you figure it out it is too late.

5. Change passwords frequently. We cannot stress enough the importance of changing your passwords frequently. If you feel it is a burden to change them, think of what a burden it will be to have your identity stolen, or your accounts hacked and emails sent out to colleagues that cost you business or damage your reputation.

6. Don't use the dog's name. Many people do everything right: they choose different emails, don't sign up for many email lists, are very cautious, and then choose a password like MyCompany#1 or MikeyandSarah. Don't use common words or phrases for your passwords. Hackers know you do this and have created lists of these passwords, which are used to hack accounts. Pick things that only your most intimate friends and family will know about. Pick the place you went on your honeymoon, for instance, or a random word like hippo. Now add them together to create SAfricaHippo. Believe it or not, this is still easy to guess, so now change common letters to numbers that look similar. Zero will substitute for an O, seven for the letter T, four for A, and so on. Now you will have S4fric4Hipp0. You can now take it to the next level and substitute a special character that looks similar for a letter: a dollar sign ($) for an S, or the at symbol (@) for an A. Now you have $4fric4Hipp0, which is easy to remember, not a standard word and is not easy to guess even for people that know you well.

7. Have multiple passwords. If you cannot change your password because it is just too difficult, then at least have multiple passwords for your accounts. Don't use the same password for your junk email account that you do for your bank account. Think of it like a set of keys. What are the keys for? Do they go to your house, your car, that empty suitcase? Now think who you let have those keys. The same holds true for passwords: why would you want to use the same password for your junk email, hosted in another country with different laws, than you do for your bank access?
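The check below is an added example, not part of the original article. It shows how a sign-up form could apply tip 6 by undoing the look-alike substitutions and rejecting passwords built from common or personal words. The deny list, the 12-character minimum and the function names are assumptions made for illustration.

```python
import re

# Look-alike substitutions named in tip 6, mapped back to the letters they replace.
LOOKALIKES = str.maketrans({"0": "o", "7": "t", "4": "a", "$": "s", "@": "a"})

# Constructed deny list for illustration; a real deployment would load a much
# larger list of common passwords plus the user's own name, employer and email.
DENY_WORDS = {"password", "mycompany", "mikey", "sarah", "welcome", "letmein"}


def normalize(password: str) -> str:
    """Lower-case, undo look-alike substitutions, keep letters only."""
    undone = password.lower().translate(LOOKALIKES)
    return re.sub(r"[^a-z]", "", undone)


def deny_list_hits(password: str, deny_words=DENY_WORDS) -> list[str]:
    """Return the deny-list words found inside the normalized password."""
    core = normalize(password)
    return sorted(w for w in deny_words if w in core)


def review(password: str, min_length: int = 12) -> list[str]:
    """Return reasons to reject the password (an empty list means accepted).

    min_length is an assumed policy value, not a figure from the article.
    """
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    hits = deny_list_hits(password)
    if hits:
        reasons.append("contains common or personal word(s): " + ", ".join(hits))
    return reasons


if __name__ == "__main__":
    # Constructed candidates: the article's own examples plus one disguised word.
    for candidate in ["MyCompany#1", "MikeyandSarah", "P@$$w0rd2012", "$4fric4Hipp0"]:
        problems = review(candidate)
        print(candidate, "->", "; ".join(problems) if problems else "accepted")
```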