These days the major internet companies offer you the option of using "multi-factor" or "two-factor authentication as an option you can turn on. It's a good idea. Here's how it works: to log in to a website that uses multi-factor authentication, you have to know your password, plus you also have to have some kind of extra validation step. For example, some sites will send a text mesage to the mobile phone on your account, checking to see if it's really you. Others use a dedicated keyfob that fits on your keyring and feeds you long random numbers to use with your password. The extra validation changes frequently, so it's like changing your password every 2 minutes - but much easier.