A spy virus stole millions of passwords. Here's how to keep your password secure.
Tools exist. They're not always convenient or foolproof, but it's better to put them to use than to leave your front door open to bad guys:
• Antivirus software: It won't solve all your problems, but it's a start. These programs scan for known computer viruses. They're of limited use for brand new attacks, but some products can detect phishing scams and other common schemes.
• Use a secure connection: When connecting to any website that uses your personal information, make sure you're using a secure, encrypted connection. Here's how to spot it: Look at the address bar above. Does the website URL start with HTTP or HTTPS? There's a difference. The added "s" stands for "secure" -- no one can eavesdrop on your Internet session.
• Use two-factor authentication: This is the best way to make sure no one else can pose as you. If you set it up, every sign-in will require two steps. First you enter the usual username/password combination. Then you'll get a unique one-time code sent to your phone (or other device). It's a third, temporary password.
Even if your login credentials are stolen, with two-factor authentication, hackers won't be able to get in (unless they have your phone too). Amazon (AMZN), Google (GOOG), Facebook and Twitter (TWTR) offer this as an option.