The Motherboard Guide to Not Getting Hacked
https://motherboard.vice.com/en_us/article/bmv5a4/the-motherboard-guide-to-not-getting-hacked

TWO-FACTOR AUTHENTICATION
Having unique, strong passwords is a great first step, but even those can be stolen. So for your most important accounts (think your main email, your Facebook and Twitter accounts) you might want to add an extra layer of protection known as two-factor (or two-step or 2FA) authentication.
By enabling two-factor you'll need something more than just your password to log into those accounts. Usually, it's a numerical code sent to your cellphone, or it can be a code created by an ad-hoc app (which is great if your cellphone doesn't have coverage at the time you're logging in).
There's been a lot of attention recently around how mobile phones may not be suitable as 2FA devices. Activist Deray McKesson's phone number was hijacked, meaning hackers could then have the extra security codes protecting accounts sent straight to them. And the National Institute of Standards and Technology (NIST), a part of the US government that writes guidelines on rules and measurements, including security, recently discouraged the use of SMS-based 2FA.
The attack on Deray was low tech: It essentially involved getting his phone company to issue a new SIM card to the attackers. It's hard to defend against that, and there are other ways to get those codes sent via SMS, as text messages can, in theory, be intercepted by someone leveraging vulnerabilities in the backbone that carries our conversations. There is also the possibility of using an IMSI-catcher, otherwise known as a Stingray, to sweep up your communications, and verification texts too.
A lot more at the above link. I'm not in IT, so I'll leave it to others to evaluate the article.
Sunlei
(22,651 posts)
IMO, one shouldn't use the same cell phone or computer for social media and surfing around that you use for things that have your credit cards stored on them or that you do banking on. Like Uber, DoorDash, online banking and your work computer.
IMO, social media sites and non-web-based email are where the majority of hacks are installed.
Response to steve2470 (Original post)
Name removed Message auto-removed
RKP5637
(67,112 posts)
One touch, two factor
The YubiKey offers strong authentication with one touch or tap. Unlike two-factor authentication using SMS, the YubiKey does not require network connectivity or access to a mobile device. Just touch or tap the YubiKey to authenticate.
Thor_MN
(11,843 posts)
Joe or Jane Nobody would not be the target of getting their cellphone SIM card replicated. The article inflates the danger to the average person. Unless you are for some reason noteworthy, the effort to hack your cell phone isn't worth it. If someone temporarily snags you with a stingray, what are the odds that they will be able to discover your internet accounts (that also require a password) from cellphone traffic?
IMO, this article trends towards the sensationalistic.