1. Get a good password manager.
The best passwords are long strings of letters, numbers, and symbols that you can’t remember. So you’ll need a tool to keep track of them — ideally, one you can access from any device. Look for a product that not only stores passwords but also generates them for you. I like 1Password, which works well on Mac OS, Windows, iOS, and Android.
2. Perform a password audit.
Import all your existing passwords into your password manager (you probably have more than you realize stored in your browser). Now for the audit. Search for reused passwords first; these are your biggest security risk. Eliminate every instance of repetition. Then search for schemes (like 1234Facebook or 1234Google). A savvy hacker — or cracking program — will get past those in seconds. Finally, sort your passwords by strength and change the weak ones.
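The three checks in this audit can be run against a password export, shown here as an added Python example that is not from the original article or from any password manager. The CSV columns (title, url, password) and the sample rows are constructed assumptions, and the strength score is a rough estimate from length and character set; the report lists account titles only, never the passwords.

```python
import csv, io, math, re, string
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample export, not real credentials; column names are assumed.
SAMPLE_CSV = """title,url,password
Facebook,https://www.facebook.com,1234Facebook
Google,https://accounts.google.com,1234Google
Forum,https://forum.example.org,hunter2
Blog,https://blog.example.net,hunter2
Bank,https://bank.example.com,vT9#qLm2$Xw8!pRz
"""

def site_name(url):
    # Naive registrable-name guess: second-to-last host label (wrong for co.uk etc.).
    parts = (urlparse(url).hostname or "").split(".")
    return parts[-2].lower() if len(parts) >= 2 else ""

def strength_bits(pw):
    # Rough estimate: length * log2(character pool). It overrates patterned
    # passwords, which is why the scheme check below runs separately.
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cs) for cs in classes if any(c in cs for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def audit(csv_text):
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    by_password, by_stem = defaultdict(list), defaultdict(list)
    for row in rows:
        pw, name = row["password"], site_name(row["url"])
        by_password[pw].append(row["title"])
        # Scheme check: the password embeds the site name; what is left over
        # is the stem the owner repeats from site to site.
        if name and name in pw.lower():
            stem = re.sub(re.escape(name), "", pw, flags=re.IGNORECASE)
            by_stem[stem].append(row["title"])
    return {
        "reused": sorted(sorted(t) for t in by_password.values() if len(t) > 1),
        "schemes": sorted(sorted(t) for t in by_stem.values() if len(t) > 1),
        "weakest_first": [r["title"] for r in
                          sorted(rows, key=lambda r: strength_bits(r["password"]))],
    }

if __name__ == "__main__":
    for check, titles in audit(SAMPLE_CSV).items():
        print(check, titles)
```

Delete the exported file once the audit is done, since it holds every password in plain text.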
3. Search your email.
Your inbox is a treasure trove of passwords. An easy solution: Do a simple search for “password” and delete all the results. Also search for “login” and “username.” This way, if someone does get into your email, he’ll have a harder time finding all your accounts.
4. Wall off critical accounts.
Your bank, email, online investing, cell phone, Internet service, and data storage accounts are critical. Take extra steps to protect these. If you haven’t already done so, set up two-step verification for such accounts. Two-step login requires an additional code that’s sent to your phone (the code changes each time). If your bank doesn’t offer two-step verification, change to one that does.