1. Don't pick a weak password. As astonishing as it seems, people continue to use "123456" and "password" for their passwords, even though those have consistently been ranked the weakest, most easily guessable passwords for years. When you're asked to create or update a password for a site, avoid simple patterns that are easily guessed. SplashData and TeamsID suggest you select something that's 12 characters or longer, using letters, numbers and other symbols.
2. Use multifactor authentication. An increasing number of online services that revolve around sensitive information (such as Gmail, online bank accounts and Slack, a group communication system favored by many companies) offer the option for an additional step between entering your password and accessing your account. (Typically, a code is sent to the phone number you have on record.) It takes a bit longer to gain entrée to the site, but it's a notable deterrent for someone trying to compromise your account.
3. If biometrics is an option, take it. Smartphones, tablets and laptops are increasingly letting you log on with a fingerprint instead of a password. That's not only more secure, it also prevents you from forgetting your password. HSBC is one company embracing the movement, launching voice recognition and touch security services for up to 15 million U.K. customers who access their accounts through their mobile devices.
"The launch of voice and touch ID makes it even quicker and easier for customers to access their bank account, using the most secure form of password technology — the body," Francesca McDonagh, head of retail banking and wealth management for HSBC UK told the BBC.