Reinforce Your Financial Fort Knox

Checking the locks on the windows and changing your passwords should be a routine chore for everyone. The only problem is remembering when you last did it.

That makes Jan. 1 (or any day thereafter; it's OK to fudge) the perfect time to institute this new habit. With so many of us managing our financial lives online, or at least occasionally accessing accounts to see whether that check cleared, a security breach can spell disaster. One line of defense is to change up your access codes at least twice a year.

So please allow me to be the nag.

Accounts, Accounts Everywhere!

It's hard enough to remember where you put your keys, let alone all of the accounts you may have set up. Here's a list to jog your memory:

• Checking/savings
• Credit cards
• Brokerage (or mutual fund company)
• Mortgage
• Employee retirement plan
• Work benefits (e.g., flexible spending and/or health savings accounts)
• Insurance companies (auto, home, renter's, life)
• College savings accounts
• Online shopping sites
• Online payment sites (e.g., PayPal)

Your password should use a complex assortment of letters, numbers, and random punctuation marks. And don't just use your dog's name or kids' birthdays. Everyone does that. A few suggestions:

• Words separated by any character that requires you to press the "shift" key and hunt and peck to find a random symbol (like "^", which is above the 6).
• Nonsensical words (that you'll remember, of course) that have numbers or characters within them.
• Your stripper name (your first pet's name plus the first street you lived on) followed by the age you think you can pass for in low light (29).

Be sure to clue in a loved one (a.k.a. the person in your will) about your passwords. Should the unthinkable happen, you want him or her to be able to access important information.

Lock the Deadbolts, Too

Passwords are only one line of defense against ne'er-do-wells. Be sure to take other measures to keep the bad guys at bay.

• Don't put the good stuff on a handheld device. And if you must, handcuff it to yourself. If you lose your BlackBerry, having your Social Security number and a list of bank and brokerage accounts on it only compounds the potential damage.
• Seriously, don't click that! We've all gotten those emails from banks we don't even do business with, saying there's a problem with our nonexistent account. Ignore the solicitations.
• See whether anyone's spying. To guard against the less obvious snoops, take a tour of your computer to see whether anyone's lurking. The CERT Coordination Center, operated by Carnegie Mellon University, has a library of Internet security tips, from installing initial security measures to responding to incidents and fixing email abuses.
• Don't answer that. Phishing can also happen offline when, for example, a thief gets information about where you bank or do business and then calls and tries to get additional information from you -- such as your password. Hang up and then call your financial institution directly to see whether there's a legit problem.
• Regularly review your data for security leaks. Actually look at your credit card and bank account statements to make sure no funny business has taken place. If a bill or bank or other account statement is late arriving in the mail, call the provider and find out why. You want to make sure someone hasn't ferreted through your mailbox for personal information.

Sadly, this is only a partial list of protective measures. If you're really paranoid, make the FTC's ID theft website your home page. It's updated regularly with the latest scams. And see the "related links" on this page for more advice on keeping the bad guys away and what to do if they get to you.