The holiday shopping season is underway, and many of you are probably going to do a lot of your shopping online. *And* you probably have a credit card number or two stored in your account with Amazon or another online store. And I'll make another guess: many of you probably use the same password for multiple online accounts. Well, guess what? Using the same password for different accounts is called "daisy-chaining," and when you do it, you're setting yourself up to be hacked. In August Wired writer Matt Honan explained how his "entire digital life" was destroyed in one hour: his Google account was deleted, his Twitter account was taken over and used to tweet racist comments, and his Apple account was hacked, enabling the creeps to erase all the files on his MacBook, iPhone and iPad. Honan made three big mistakes.: 1) He daisy-chained his accounts. Once the hackers got into his Google account, they could get into his Twitter account, and so on. 2) He didn't have two-factor identification on any of his accounts. Two-factor identifications adds another step to gaining access to private accounts. Once you type in your username and password for (say) your Google account, Google sends a text to your cell phone. You then have to retrieve the text from your cell and enter it on the Google log-in page. 3) He hadn't backed up any of his files. Had he done regular back-ups, he would have had copies of everything those creeps wiped from his hard drive. The truth is that most of our accounts are so easy to hack it's terrifying. Remember when Tennessee college student David Kernell hacked Sarah Palin's Yahoo! account? Presumably her username was her email address, which was public knowledge. Kernell was able to reset her password after entering her birth date and ZIP code and answering her security question,"Where did you meet your spouse?" You're probably thinking, "Sarah Palin's famous and I'm not, so that sort of information about me would be harder to find." It's not as hard as you would like to think. While many tech writers go on about the need for stronger passwords, the strongest password imaginable is useless if anyone can change it. Fortunately Mat Honan has suggested what to do and not do to make your online accounts more secure: Use two-factor identification whenever you can. Make up false but memorable answers to security questions (Q: "What was your first car?" A: "Flaming Maple Monkey Tree"). Try to erase your online traces: the good people at reddit.com have compiled a list of links to the opt-out pages of the major people-search sites (be warned: some of them don't make it easy). Don't use the same password for more than one account. Don't use an actual word for your password. Don't use standard number-letter substitutes, such as "3" for "e." Don't use short passwords. And if you're not scared enough, read Honan's latest Wired article on security and hacking.