Strong and confidential passwords are essential, not just for financial sites, but for social networking sites too. With social networking sites like Facebook and Twitter, there's the danger of people faking their way into the site and posting something embarrassing about you or others. They could use your account for hate speech or to bully or defame another person or put something on your site that jeopardizes your reputation or even your safety. Another risk is that they could use your online profile to assume your identity as part of a con, such as logging into a person's Facebook account and using it to solicit money from his friends to a "friend" out of a tight spot.
Children and teens should be especially careful to never share their passwords, even with their best friends. It's sometimes tempting for kids to give out their password to a friend so that the friend can update or check their profile for them, but it's a bad idea. Friends have a way of becomng ex-friends and there is the danger that a friend might share the password or be careless with it.
Hard to guess but easy to remember. One of the best ways to protect your online security is to have strong passwords that you change periodically. But that's easier said than done. Coming up with hard-to-guess passwords is hard enough, but it's even harder to have separate passwords for different sites and to remember new ones after you change them.
Create a password that's hard to guess but easy to remember by making up a phrase. You could type in the entire phrase (some sites let you use spaces, others don't) or you can use the initials of each word in the phrase, for instance, "IgfLESi#85″ for "I graduated from Lincoln Elementary School in '85″ with a # symbol to add more security. An even better one would be "Mn1bfihswE&S" for "My number 1 best friends in high school were Eric and Steve." You get the idea -- upper case numbers, letters, and symbols that are seemingly meaningless to everyone but you.
Don't use the same password on all sites. But even if you do come up with a clever and hard-to-remember password, don't use it for every site. Since lots of people do that, there's the risk that a sleazy site operator -- or a sleazy person who works for a legitimate site -- could use it to break into your accounts on other sites. Or if hackers break into a site and grabs some passwords, they might try to use those passwords on other sites. One trick is to add a couple of unique characters for each site. For example for your Google accounts you could have Go somewhere in the password and perhaps Fk in your Facebook password.
Consider two-factor authentication. Two-factor authentication means something you have and something you know -- like your ATM card and your pin number. These days that usually entails the site sending a code to your cell phone that you enter before you can log-in. It's a little inconvenient, but it does greatly improve security. One problem is that you could be locked-out if your phone has a dead battery or is missing, but here's a trick from my Forbes blog on how to use Google Voice to prevent that problem.
For more, see ConnectSafely.org's Tips for Strong Secure Passwords.