The websites you use get hacked a lot. That’s why it’s so important to never reuse passwords. It matters less to have a long password than to use a different one for every site. Outsource your passwords to a manager like LastPass or 1Password. They generate unique passwords for every site you need to log into. And turn on two-factor authentication if you have a Google (GOOG) mail account.
Use a browser that updates automatically, like Chrome or Firefox. Then remove Java from your computer. It has too many security flaws, and you probably won’t notice it’s gone. Secure files by enabling disk encryption and passwords on your laptop and phone. Also be aware that any file you store on online backup services like Dropbox and iCloud is not encrypted. Dropbox had a problem a few years ago—anyone could log into someone else’s account and view their files. Rivals offer the same functionality but prevent incidents like that by encrypting your data and giving you the only key. I use SpiderOak. It costs $100 a year, and I like it a lot. —As told to Evan Applegate
• Soghoian is principal technologist at the American Civil Liberties Union.