Following the recent news that user information of PSN accounts has been compromised, I am quite alarmed to read comments from many people about how they have the same login for lots of different places.
Your online security is as much your responsibility as anyone that you share your credentials with. So it's time to man up and sort it out!
1) Keep your receipts
I've bought stuff online many times, including directly from console manufacturers' online stores. They send me an email receipt for all my transactions whether I care about it or not. I have a Gmail account which is free, accessible from any online device and has plenty of storage. I just make a folder and stash all my receipts there. I never look at them unless I'm given reason to - like Sony have given me reason to today.
I can check the card number (or last 4 digits) I used, the date of my transactions, etc. It doesn't matter that the vendor's network is down, I have my receipts. I can now check activity against these accounts to see if any activity is going on that shouldn't be.
2) Multiple email accounts
Nerdy but useful. I have more than one email account (they're free after all!) and I use one *solely* for online transactions and banking. This is a blunt but effective spam filter as it keeps a lot of spam away from my regular email address. It also makes phishing scams much easier to spot. If I get emails from my bank / PayPal / Prince of Namibia to my regular account then, chances are, it's a scam.
3) Password management
I have heaps of sites that I log into. I used to re-use the same username/password details for most of them. Not very secure. I ended up with so many logins that I got a password manager to do the hard work for me.
I tried a few and highly recommend LastPass, which is free (though a premium version exists too).
LastPass looks after your passwords for you and will plug into your web browser. It will fill in the login boxes for you without you having to type. It's great.
Where it is really, really great is that you can have unique passwords like "uaXGFG81x?>" for every single login. That's what mine are like. I don't even know what half my passwords are because LastPass does. So long as I know my LastPass login (the last password I ever needed) then all my logins can be both unique and secure.
It works for me, your mileage may vary.
4) Lo-tech password tip
Passwords need to be something you can easily remember but nobody else can. A really effective cheat is to just take a word you can remember and type it in using a key to the left of the correct key on the keyboard.
Say your preferred password is "DECEMBER": the key next to D is "S", the key next to E is "W". So "DECEMBER" becomes "SWXWNVWE". Simple and effective.
5) Check your bank statements regularly
Seriously, I speak to people who tell me they only look at theirs once a month. Unless you're so wealthy you don't need to worry about your money, keep tabs on it. I know it sounds like it's really obvious but I also know there's a lot of people that just don't check.
None of these are cast-iron guarantees you will never be compromised but they may give you a bit of a boost.
For what it's worth, I've had my card details used fraudulently but because I checked my transactions regularly and spoke to my bank when I spotted something odd it got sorted out very quickly. In fact, I'm glad it happened as I now have more confidence in my bank's ability to tackle these issues.
My bank now monitors that account and if activity occurs on it that doesn't match my usual spending trend the bank will halt the transaction and call me up. When I built a new PC and bought loads of bits from loads of different vendors my bank assumed it was suspect behaviour (buying small but pricey goods from numerous vendors in the space of a few days). They cancelled all the transactions and the orders didn't go through. They called me to explain what happened. I went through the security processes, was able to explain it was me doing the transactions and the account got cleared and all was good.
I was really pleased my bank did this but, according to the bank, they get a lot of complaints for this cautionary behaviour. I would much rather have to enter an order a second time and make a couple of calls than have my bank just ignore an odd series of transactions on my account and intercept them.
Sorry for the ramble. Does anyone else have any suggestions, stories or methods to improve online security that other members of this community might benefit from?