Earlier this week, several administrative accounts at Twitter were hacked, revealing several internal documents along with revealing a good deal about Twitter’s corporate culture – things like which programs they use for creating work documents, plans for a reality show, and the fact that they use weak passwords – one of which was the word “password.”

While you can be sure that the social network’s popularity makes it a target for hackers who know how to execute sophisticated attacks, it seems that Twitter’s biggest vulnerability was a lax attitude towards their own security.

It should be noted that, as far as anyone knows, this doesn’t open any security vulnerabilities to the end user.

We all need to take this as a reminder that we should periodically change our own passwords, especially those for online banking accounts and for anything containing information we really care about – our Facebook accounts, for example, contain much information that helps define our identities to the outside world.

Our online passwords are frequently our best – and sometimes our only – defense against identity theft. It is crucially important that these passwords are secure. (Yes, that means using a password other than “password.”

National Public Radio’s All Things Considered did an interesting story in May called “The Search for the Perfect Password.” It contains a lot of useful advice for creating good passwords and some amusing anecdotes about bad passwords.

Some things to avoid when creating new passwords:

• Simple dictionary words, spelled as such
• Family information (birthdays, anniversaries, children’s names)
• Using the same password across services
• Using only letters or only numbers
• Leaving the password written on a Post-It note on the desk next to the computer.

Now, we understand that keeping track of a lot of passwords, especially when you’re throwing new ones into the mix all the time, can be daunting – especially if you’re avoiding the Post-It note method, but there are several useful tools to track your passwords. Firefox has a built-in password manager, while there is a piece of software for Mac computers called 1Password that does the same thing. The NPR story above earlier contains many helpful links to solutions such as those.

Over the course of its existence, Facebook has been a benchmark for security among social networking sites.  However, within the last few months even Facebook has fallen victim to the worst of the web… SPAMMERS! Now that we have your attention, please refrain from spiraling into a panic, deleting all of your social accounts, and retreating into the mountains.  Not only is Facebook fighting back against would-be evil doers, but there are simple actions you can take to protect yourself while out in the social spheres.  These are straight from the security experts over at Facebook.

• Remember, Facebook will never ask for your password in an email, Facebook message, or any medium that isn’t the login page. Though you will need to re-enter your password when you set a security question, change your contact email, or send a virtual gift.

• Be extra aware of weird Wall posts. Don’t click on any links—on a Wall or elsewhere—if you don’t know where they go.

• Set a security question for yourself on your Account page. If somehow something malicious shuts you out of your account, you will need the answer to that question in order for our User Operations team to let you back in. (If you’ve already set your security question, you won’t see a prompt for it on your Account page.)

• Be extra aware of what website you are using to log in to Facebook (and other websites). Phishing websites can be made to look like other websites (like the Facebook log in page), and might try to disguise their urls. Be smart: www.facebook.com.profile.a36h8su2m8.info/login starts out looking like a legitimate Facebook website, but that a36h8su2m8.info part means it’s fraudulent. Set and use a browser bookmark to make sure you always log in from facebook.com

• If you see a Wall post that looks like spam on a friend’s Wall, tell the author to delete it and reset their password immediately.

• Use a modern web browser to benefit from anti-phishing protection

• Check out opendns.com. This is another method for blocking specific domains that host phishing sites.

If you think you’ve been phished or find a phishing site,

• Reset your password on your Account page.

• Report the issue to Facebook here.

• Submit phishing sites here and here.