Once upon a time having good password was called good security, but not anymore. There are too many ways to attack your account to depend on eight characters, no matter how complicated they are.
Just last week we had two customers give away their passwords by opening an official looking email and typing their username and password into a fake login page.
The best way to be safe, even if you give away your password, is to turn on a feature called two factor authentication. It’s called two factor because logging in requires two things, something you know (your password) and something you have (a token).
You may already be using this with your bank if they send you a code via SMS when you login, or if your bank gave you a physical device with a number that changes every time.
Two factor authentication can be turned on for most services now, including Facebook, Google Email, Apple ID/iTunes, Amazon, Paypal and most bank accounts as well, but those five services are the most targeted and if you follow those links you’ll be much more secure online.