Hackers constantly think up new and creative ways to break into people's online banking, email and Facebook accounts, but their latest scams are usually based on the same old tricks.
Sometimes they'll use high-tech hacks to break into a website and steal passwords, or sneak malicious software onto your computer to spy on you.
But often it's easier to bluff their way past security or to simply trick you into handing over important information.
A healthy paranoia is one of your best defences. Never trust emails or phone calls claiming to be from your bank or phone company, especially if they request personal information. Remember, they contacted you - they could be anyone. Also avoid clicking links in emails to visit their sites, as a link could lead to a bogus site designed to steal your password. It's safer to type in the address yourself.
Another important security precaution is to create strong passwords. Use more than eight characters with a mix of upper- and lower-case letters as well as numbers and symbols. Avoid dictionary words and simple number substitutions such as ''p4ssw0rd''. Hackers are awake to such tricks.
A password needs to be easy to remember, but using ''123456'' or ''qwertyuiop'' is asking for trouble and most services won't let you use them. Don't use your birthday, or the names of your pets or children. Hackers know they're popular passwords and such details are often easy to find online, perhaps from your Facebook page.
The trick to creating a strong password is to choose something that looks like gibberish but isn't hard for you to remember. One handy method is to use the first letters of a phrase or lyric. For example, the first lines of Advance Australia Fair could become ''AaLuR-fWaYaF*1788'' - easy for you to remember but difficult for a person to guess or a computer to crack.
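The password rules above can be written as an automated check. The following is an added example, not part of the original article: the function name, the small word lists and the substitution table are constructed for illustration, and a real check would use a full dictionary and a list of commonly used passwords.

```python
import re

# Constructed sample lists (assumptions): a real check would load a full
# dictionary and a list of commonly used passwords.
COMMON = {"123456", "qwertyuiop", "password", "letmein"}
WORDS = {"password", "welcome", "dragon", "monkey", "football"}
# Reverse the simple number/symbol substitutions the article warns about.
UNSUBSTITUTE = str.maketrans("4@31!05$7", "aaeiiosst")
CLASSES = {"upper-case letter": r"[A-Z]", "lower-case letter": r"[a-z]",
           "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}

def password_problems(pw, personal=()):
    """Return the article's rules that pw breaks; an empty list is a pass.

    personal: details such as birthdays or the names of pets or children.
    """
    problems = []
    if len(pw) <= 8:
        problems.append("needs more than eight characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, pw):
            problems.append(f"missing {name}")
    lowered = pw.lower()
    if lowered in COMMON:
        problems.append("is a well-known password")
    # Undo substitutions, then drop what is left of the digits and symbols,
    # so "p4ssw0rd" and "P4ssw0rd!99" both reduce to text containing "password".
    plain = re.sub(r"[^a-z]", "", lowered.translate(UNSUBSTITUTE))
    if any(word in plain for word in WORDS):
        problems.append("is based on a dictionary word")
    details = [d.lower() for d in personal if len(d) >= 3]
    if any(d in lowered or d in plain for d in details):
        problems.append("contains a personal detail")
    return problems

if __name__ == "__main__":
    for candidate in ("AaLuR-fWaYaF*1788", "p4ssw0rd", "qwertyuiop"):
        print(candidate, password_problems(candidate) or "passes")
```

The phrase-based password from the article passes every rule, while ''p4ssw0rd'' fails on length, character mix and the dictionary check once its substitutions are undone.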
It's also important to choose difficult security questions, which are used if you forget your password and need to reset it. Hacking into your email and then resetting your other passwords is a common trick used to break into Facebook, Google, Apple and Amazon accounts. Your mother's maiden name or the name of your primary school are poor choices because such information can often be found online.
It's best to make up your own security questions if possible, or to use difficult questions that can't be easily guessed or found online. For an extra layer of security, you might send your password reset details to a separate email address, making it harder for hackers to access them.
A strong password is a great first line of defence, but don't use the same password for everything. The more sensitive the service, such as your online banking, the more important it is to use a unique password.
To make life easier you might devise a pattern for remembering your various passwords, such as using different lines from the same song. Or you might break your passwords into several parts, using a base password along with a unique suffix. Whatever pattern you use, make sure it's not so obvious that if someone discovers one password they can easily guess the others. If you're still struggling to remember your passwords, consider password-locker services such as Lastpass and 1Password, which can generate strong passwords for you.
Many online services use your email address as your login, which makes life easier for hackers because they now have the first piece of the puzzle. For an extra layer of protection, consider creating unique logins or email addresses for your different services. Many email services let you create aliases such as email@example.com and firstname.lastname@example.org, which can forward to your main email@example.com inbox. This trick ensures hackers can't break into Bob's Apple account using firstname.lastname@example.org, even if they know his password.
Two-factor authentication is another security precaution that can foil hackers.
It relies on something you know, such as your password, and something you have, such as a key chain that generates seemingly random numbers. Key chains are used by some online banking services.
But that something you have could also be your mobile phone.
If you enable Google and Facebook's two-factor authentication, when you try to log in from a new device for the first time you're also required to enter a code that is sent to your phone via SMS.
Facebook calls two-factor authentication ''login approvals''. Once you've entered the code, it's possible to tick ''remember this device'' so you don't need to go through this process every time you log in using your own computer. The beauty of two-factor authentication is that even if hackers know your login and password, they still can't break into your accounts unless they have your phone.
Even two-factor authentication isn't a magic bullet for online security, but if you take a few simple precautions you can make things much harder for those trying to hack into your digital life.
HOW TO PLAY IT SAFE
- Use passwords that look like gibberish
- Don't use the same password for everything
- Choose difficult security questions
- Don't trust people who call, or links in emails
- Don't use the same email address for everything
- Turn on two-factor authentication
- FFX Aus