One of many topics I've "meant" to get to "as soon as I have 'time' " is the various ramifications of the Gmail hacking episode my wife endured last year, in which six years' worth of her correspondence and life-records disappeared. I chronicled it originally in the magazine, and ran a large number of follow-ups. Here's a sample.
There are lots of new twists I've meant to go into, at some point: "strong" versus "weak" passwords, Gmail versus other online services, the pluses and minuses of online password utilities (I use and like LastPass), Google's new "state-sponsored hacking attempt" warnings, and on through a very long list.
For now, here is the single most important thing you must do today, if you're concerned about these hacking stories -- as you should be.
Today's Must-Do List: Make sure that any account that matters to you has its own password.
For me that means, as a minimum: email, banking, credit cards, medical info, investment accounts, Twitter, Facebook. The standard should be: anything that would cause you loss, embarrassment, inconvenience, harm, or worry, must have its own password. If it doesn't, you're asking for it to be hacked.
I don't care that my local OpenTable account (for example) has a weak password I've used elsewhere. No harm, no foul if it gets hacked. It's different with banking, email, etc.