Best Practices for Improved Security and Privacy

From Jeremy Bryan Smith
Revision as of 23:50, 12 January 2016 by Jeremy

Use Multi-Factor Authentication

Whenever possible, use multi-factor authentication. Most banks and high-profile web service providers (e.g. Google) provide multi-factor authentication mechanisms. Hardware-based multi-factor authentication is the best option (see YubiKey). For services that do not support multi-factor authentication natively, you can still use a hardware device with a static key as part of your password.

Changing Default Passwords

Never leave any default passwords unchanged. This includes, but is not limited to:

  • Routers
  • Modems
  • PINs for phone systems
  • E-mail accounts
  • Any other web-based accounts

Never Use Your Social Security Number

Never use your real social security number as a password or security answer. It is illegal for any company to require you to give your social security number (with a few exceptions, such as credit and background checks).

Never Use Your Fingerprint(s) for Authentication

Under current US law, you can be forced to give up your fingerprints (and any other physical means of authentication, such as keys) to be used as evidence against you. If you use your fingerprints for authentication, this has security implications.
Under current US law, you cannot be compelled to give up passwords, passphrases, or any other knowledge-based portions of authentication that are in your head.

Using Browser Profiles

To segregate your personal data from the wild west of the World Wide Web, you can use separate browser profiles.

Using Browser Extensions

There are many web browser extensions that can enhance your security and privacy when browsing the web. See my list of recommended Firefox Extensions for Security.

Browser Settings

Firefox

  • Show Full URL (including HTTP/HTTPS)
    Set the following:
    browser.urlbar.trimURLs = false
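
To keep this setting in place for a given profile (for example, each of the separate profiles described under Using Browser Profiles), it can be written to that profile's user.js file, which Firefox reads at startup. The following is an added example, not part of the original page; the function name pin_pref is hypothetical and the profile directory is whatever path you pass in.

```shell
#!/bin/sh
# Added example (not from the original page).
# pin_pref PROFILE_DIR PREF_NAME VALUE
#   Writes  user_pref("PREF_NAME", VALUE);  to PROFILE_DIR/user.js.
#   Any earlier line that sets the same pref is dropped first, so the file
#   never carries two conflicting values and repeated runs change nothing.
pin_pref() {
    profile_dir=$1
    pref=$2
    value=$3

    # Refuse to create files outside an existing profile directory.
    [ -d "$profile_dir" ] || {
        echo "no such profile directory: $profile_dir" >&2
        return 1
    }

    userjs=$profile_dir/user.js
    # Build the new file next to the old one, then swap it in with mv.
    tmp=$(mktemp "$profile_dir/user.js.XXXXXX") || return 1

    if [ -f "$userjs" ]; then
        # Keep every existing line except earlier settings of this pref.
        # grep exits 1 when no lines remain; that is not an error here.
        grep -v -F "user_pref(\"$pref\"" "$userjs" > "$tmp" || :
    fi

    printf 'user_pref("%s", %s);\n' "$pref" "$value" >> "$tmp"
    mv "$tmp" "$userjs"
}

# Usage (the path is a placeholder; substitute your own profile directory):
#   pin_pref "$HOME/.mozilla/firefox/PROFILE_DIRECTORY" browser.urlbar.trimURLs false
```

Restart Firefox after running it; the value can be confirmed in about:config.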

Five

Six