Thanks for sharing your experiences and detailed reflections! There is a ton of great advice in your comment, worth at least two more articles. Just wanted to let you know that I very much appreciate your contribution.

I have had an article about security questions on my list since submitting this article last week. So this will be coming up soon.

There are a lot of ways to store passwords and create secure ones. I have added some of the links in the article above.

I used to have a very easy (and not so secure) password and tons of little notes that would be impossible to find when I needed them ;)

But for a few years now, I have been using Roboform to store my passwords (and to create new secure ones with the built-in generator) and have no regrets.

Even if I did not like that they stopped offering their lifetime upgrade when they upgraded to version 7 (I had to stay with Firefox 3 for a while because of this), I still liked the ease of use and apparent simplicity of the program (Don’t worry, it is not so simple. In fact, it can be rather complex and powerful).

But I was fortunate enough to win a free license recently (on an internet forum) so I now have it in the latest version of Firefox, in IE 9 and in Google Chrome (unfortunately, it is broken in the latest version of Opera).

So anyways, it is important to safeguard yourself by any means (whatever the program or strategy you use) and this article comes at just the right time.

And remenber, you are NEVER too secure!

Do think about more than just the anonymous hacker, my son had a big problem with a former girlfriend who made determined efforts to take over his email and social networking accounts. Initially she’d got access by shoulder surfing his password. Having got in she changed all the reminder options. It wasn’t easy but he was eventually able to regain control. Then he used a security question for which she was able to find the answer so he was back to square one.

Common suggestions for ecret question and answer are “your first school”, “Mother’s maiden name” – the answers may be discoverable by a third party (ex girlfriend!). It is OK to use those reminder questions, just don’t use the “correct” answer. Set the name of your first school or mothers maiden name to be something quite different like “albatross”.

Don’t try to be “clever” with passwords. Nobody would ever think of using NCC1701 would they? Wrong (if you don’t know why, Google it!).

Consider using Gmail’s two factor security – the problem with this is understanding how it works, how to set it up and use it, the documentation is lengthy but inadequate. Don’t use any but your own PC/phone or use those with a third party WiFi connection unless you have two factor email security enabled. Two factor security prevents logon from any but your own usual PC, Phone, Laptop unless you enter a second one-time password. So a hacker may get your normal password but won’t be able to use it.

In Gmail there is an option to view “details of last account activity”. It only takes a few seconds to look and see if anything unusual has been happening.

Don’t regard email passwords as a minor issue “who cares if someone reads my email, it’s just chit-chat I’ve got no secrets”. Wrong. If a malicious person gets into your account if you are lucky all they’ll do is use it to send spam or malware to everyone in your address book. However they can do far more damage:

They can get password reminders from other online services sent there.

They can impersonate you. The previously mentioned evil ex girlfriend sent perverted sexually explicit messages to anyone with a female name and homosexual proposals to the males.

I know 3 people whose friends all got a personal email along the lines of “Hi, please can you help me. I’m on holiday in Spain and my car has been impounded, I urgently need 3000 euros to get it released and I’m not carrying that kind of money. I will refund you as soon as I get back home next week.” In all 3 cases someone DID help out, sending the cash via Western Union (hence unrecoverable). In my opinion the owner of the email account was at fault for having inadequate security and should refund his friends – but what if several friends had “helped” him? The bill could be impossibly large. (In my opinion Western Union should be regarded by the authorities as guilty of money laundering – but it seems not…)

Another friend owns a holiday villa. Someone hacked her email account and set a filter such that rental enquiries were intercepted, forwarded elsewhere and deleted from the account. The hacker then responded to enquiries offering a really good deal (reduced price, free use of the car parked at the villa) for prompt booking and payment (Western Union again of course). She and the holiday maker were unaware that anything had gone wrong until much later.