Don’t write down your complete password. If you are going to write down a key password somewhere, don’t write down the actual password. Don’t put the post-it under your keyboard. People know to look there. If you MUST text it to someone, change one character and call the person and say “that last character is actually a 7 and not a 4.”
For your own passwords, instead write something that only you would understand. For example, if your password is “leslie37” and you have a childhood friend named Joe whose sister is named Leslie, then put “Joe’s sister + 37”. This way, even if someone finds your important password sheet, they won’t be able to figure it out.
Why is this so important? Because all those Facebook congratulations on your birthday are making your date of birth not so secret any more. Same with your hometown. Same with most of those security questions you get asked “in case you forget your password”. Your mother’s your friend on Facebook? Great, now someone can probably figure out “mother’s maiden name”. Be more careful. Be careful with your “putting my life on Evernote” – if someone gets your password from an online account, they can log in to the web and see ALL your Evernote info on the web. Google “Two Factor Authentication” – learn it, it’s REALLY helpful to thwart (but not prevent) password theft. You can protect Evernote more.
If you were just emailed a random and incorrect purchase confirmation receipt, you really need to be more careful before you log in to “see why you got this” – the link they send you may not be the actual web site. It may be designed to trick you into giving up your login info. The fix? Use 1Password, LastPass, or another password manager. Those will only automatically log you into a legitimate site, not a faked one.
Your friend on Facebook “liking” a seemingly inappropriate or risqué posting may actually mean THEY were tricked into giving up their Facebook information by a clever prank. The reason you need to be more careful? Because you’re likely to click on the link and see what’s up – and you’re at risk of clicking or giving up your information because “if ___ liked it, it’s probably legit” – don’t click on it, they were likely tricked. And the first thing the bad guys do is share with ALL of that person’s Facebook friends that they “liked” the thing.
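Why a password manager declines to fill on a faked site, shown as an added example that is not from the original article or from any password manager's code: the manager compares the host of the page you are on with the host the login was saved for, so a link that only looks right gets nothing. The vault contents, the hosts and the `autofill_decision` function are constructed for illustration, and the exact-host rule is a simplification of what real products do.

```python
from urllib.parse import urlsplit

# Constructed vault: one saved login, keyed by the exact host it was saved on.
VAULT = {
    "www.shop.example": {"username": "leslie", "password": "<stored secret>"},
}

def autofill_decision(page_url, vault=VAULT):
    """Return (credentials or None, reason) for the page the browser is on."""
    try:
        parts = urlsplit(page_url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return None, "unparseable URL"
    if parts.scheme != "https":
        # Never hand a password to a page that is not served over TLS.
        return None, "not https"
    try:
        # Normalise to the ASCII (punycode) form so a look-alike Unicode
        # letter can never compare equal to the saved ASCII host.
        host = host.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return None, "unparseable host"
    entry = vault.get(host)
    if entry is None:
        return None, "no saved login for " + host
    return entry, "exact host match"

if __name__ == "__main__":
    # Constructed sample links of the kind a fake receipt email might carry.
    samples = [
        "https://www.shop.example/orders/123",                # the real site
        "https://www.shop.example.account-check.test/login",  # real name as a prefix
        "https://www.shop.example@receipts.test/login",       # real name before '@'
        "https://www.sh0p.example/login",                     # zero instead of 'o'
        "https://www.sh\u043ep.example/login",                # Cyrillic 'o'
        "http://www.shop.example/login",                      # no TLS
    ]
    for url in samples:
        creds, reason = autofill_decision(url)
        print("FILL  " if creds else "REFUSE", reason, "<-", url)
```

The practical signal for the reader is the refusal itself: if the manager offers nothing on a page that looks like a site you have a saved login for, treat the page as suspect instead of typing the password by hand.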
Everything you type at an internet cafe could be recorded and reproduced. Same thing with your WiFi connections. Be careful: if you’re paranoid, insist on only using VPN connections when away from your home or office. Or change your passwords before and after vacations. Use disposable credit card numbers.
IT people understand and are amazed at the sophistication of modern cybercriminals. If you don’t attend the RSA conference each year, you don’t know how vulnerable you are. But if professionals are telling you to be way, way more careful, that’s worth a listen.