There is a decently easy way to make your online accounts more secure (as in logging into them). It's still up to the site owners to keep your data safe, but that's for another day.
The method is called 2-factor authentication. A username and password are the first part, and a randomly generated code is the second part. So if someone gets hold of your password, the random code will stop them from logging in (unless of course they steal the device giving you the codes as well, but we can only do so much).
I use Google Authenticator. It's an app that Google created that lets you put multiple websites that support it into an easy-to-use interface. The codes change every 30 seconds, so you have enough time to log in, but not much time for someone else to copy them.
Here is an article on how to set it up: https://support.google.com/accounts/answer/1066447?hl=en
The quick and dirty version is to download the app from the Google apps/Play store (https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2), then go to websites that support Authenticator, and they will give you a QR code to add the site to the app on your phone. You scan this QR code with your smartphone, and it will set up the secret key. The Google support site has a bunch of guides on how to configure it, so I won't go into that.
If you lose this device, then you will have some issues since the secret key is tied directly to it. A way to avoid this is to set up Google Authenticator on two separate devices.
But here are some popular sites that allow you to use this 2-factor authentication method:
- Google/Gmail (very necessary, if someone gets your email account, they can reset everything!)
- WordPress sites (your own blog, there is a WordPress plugin for it)
- Amazon AWS
- Microsoft Stuff
PayPal uses the Symantec VIP app, which works very similarly.
Just do a quick search for “facebook google authenticator” and you can find the support pages for them.