Don’t use passwords or user IDs that include personal information such as your birth date.
Don’t use your mother’s maiden name as a security question. Pick something more obscure, such as your childhood pet’s name.
Don’t leave passwords in plain view – on your monitor, for example.
Don’t use the same password for multiple sites. If crooks crack your Twitter account, they can access your bank account, too.
Do create passwords that are at least eight to 16 characters long, with a mix of capital letters, numbers and symbols. They’re harder to crack.
Do use random pattern codes to create passwords. For example, pick two computer keys – say, 4 and 7. Type straight down the keyboard from 4 until you reach the bottom (the letter V), then type one character to the left. Then do the same for 7, this time using all caps. You now have a meaningless password that reads 4rfvc7UJMN, but all you have to remember is 47. Or use the first letter of each word in a line from a favourite song or poem.
Do change passwords often, about once a month.
Do hold your cursor over an unknown link before clicking on it, and look at the bottom of your web browser. It will show where the link is actually taking you.
Do note the wording before the .com, .com.au, .org.au (or similar) part of the URL. It’s what counts. So while paypal.com is legitimate, paypal.1234.com is fake.
Do look out for links with the @ symbol. Browsers ignore everything to the left of it, so firstname.lastname@example.org is not a PayPal site.
Do watch for deliberate misspellings – such as paypol.com – designed to trick you into clicking.
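The last four link checks can be automated. The sketch below is an added example, not part of the original tips: it parses a link the way a browser does and reports the domain that really counts. The `TRUSTED` list, the short `SUFFIXES` list and the function names are assumptions made for illustration.

```javascript
// Added example. TRUSTED and SUFFIXES are constructed for illustration;
// a real checker would use the full Public Suffix List.
const TRUSTED = ["paypal.com"];
const SUFFIXES = ["com.au", "org.au", "com", "org"]; // longest first

// Registrable domain = public suffix plus the one label before it.
function registrableDomain(host) {
  const suffix = SUFFIXES.find((s) => host.endsWith("." + s));
  if (!suffix) return host;
  const labels = host.slice(0, -(suffix.length + 1)).split(".");
  return labels[labels.length - 1] + "." + suffix;
}

// Levenshtein edit distance, used to spot near-miss spellings.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1,
        prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
    }
    prev = cur;
  }
  return prev[b.length];
}

function inspectLink(href) {
  const url = new URL(href);   // same parsing rules browsers apply
  const host = url.hostname;   // lower-cased, text before @ removed
  const domain = registrableDomain(host);
  const trusted = TRUSTED.includes(domain);
  const warnings = [];
  if (url.username || url.password) warnings.push("userinfo-before-@");
  if (!trusted) {
    for (const t of TRUSTED) {
      const brand = t.split(".")[0];
      if (host.split(".").includes(brand)) warnings.push("brand-in-subdomain");
      else if (editDistance(domain, t) <= 2) warnings.push("lookalike-of-" + t);
    }
  }
  return { host, domain, trusted, warnings };
}
```

Calling `inspectLink` on a link returns the host the browser will actually contact, the domain that counts, and a list of warnings to show before the click.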