Tips for fighting password theft - Best Practices - Suffolk Computer Services


You should avoid giving your passwords to anybody, and if you believe they may have been compromised, change them immediately. Be aware, too, that people can find out various facts about you that may help them discover your password. Most websites have a 'Security Question' which allows you to reset your password. This poses the risk that someone else could answer it and reset the password for you. One of the most common questions is 'Mother's Maiden Name?', and there are plenty of resources online that would allow a determined attacker to examine the birth records for the year you were born. Birth registers contain your mother's maiden name, and so your password could be reset. This weakness is especially dangerous when combined with an account relating to finances, whether it be PayPal, eBay or an Internet Banking website. It may be an incredibly useful feature when you forget your password, but it also risks your security.

Many sites have now improved the security of this feature by changing the procedure. On sites such as Google Mail, providing the correct response now triggers an email to your secondary email account. This email contains a link allowing you to reset your password. However, if an attacker has gained access to your secondary account, he or she can still use this method to gain access.

One potential angle of attack that I regularly see is sites such as Facebook which allow you to enter your email details, after which an automated message is sent to your entire address book inviting your contacts to join. Never use these: not only will the constant stream of emails annoy your friends, but it would also be child's play to craft a site asking for those details for my own benefit.

Anything that happens under your username will automatically be attributed to you, so if someone were to use your eBay account to commit fraud, you would be the first port of call for the relevant authorities. This can be prevented by following the simple steps laid out in this article.

In conclusion, the steps for fighting password theft are very simple. Don't ever give your password to anyone; a password should always be entered securely, not given to an 'advisor'. Verify the legitimacy of any correspondence you receive, especially if it asks for your credentials. It is especially important to obtain contact details from a source other than the correspondence itself; a simple Google search is usually sufficient. Practise damage limitation: keep your accounts separate and use a different password for each one.

Finally, always choose a secure password. Avoid dates of birth, whether entered in reverse or otherwise. Don't use family names, and never write the passwords down.

Password security comes from adopting a state of mind: treat a password as the key to your life. Never trust anybody with it, and try to avoid obvious password hints.


