Defense: Don't store credit cards anywhere you don't have to, even if it takes some time to type in the number for each purchase.
Time: Deleting already-stored cards: 2-3 minutes per account.
Issue: Linking your online accounts
Threat: Whenever you've got accounts that are tied together, a breach in one puts others at risk. For example, if you use Facebook, Twitter or your Gmail address to log into other places, a hacker who gets into one account may be able to use it to get into others.
Defense: Be wary about what Honan called "daisy chaining" your accounts -- setting them up so that having access to one gives access to others. And if you are using one account to access others, make sure that account has its own email address and a secure password. This isn't complete protection, just as locking your car doesn't necessarily prevent things inside from being stolen; but it may send lesser-skilled or impatient thieves elsewhere.
Time: Varied: 2-3 minutes to change logins and passwords per account, but it could take more time to update additional apps that depend on such logins.
Issue: Using weak passwords -- or reusing them across accounts
Threat: While this wasn't an issue in Honan's hack, it remains a significant problem as passwords continue to be leaked -- such as the publication of 450,000 Yahoo passwords that were stored in plain text -- or guessed. Once email/password combos are leaked, it's likely that malicious hackers will try them elsewhere.
Defense: We've heard it before, but, like eating our five servings of vegetables daily, many of us still don't follow best practices when creating our passwords. Why? It's just too tough to remember multiple strong passwords, and also annoying to have to type them in -- especially on mobile devices with small on-screen keyboards.
There are various strategies for creating tough passwords -- ones that you can remember but that aren't easily guessed by a human (which means you don't want to use easily learned data about yourself, or "password123") or by a computer in a brute-force attack (words in the dictionary). For example, one approach is to use the initial letters of a long sentence with numbers and punctuation tossed in, such as IwtgttGCfm4b, which one might remember from "I want to go to the Grand Canyon for my 40th birthday."
However, unless you've also got a system for tying a specific sequence to a certain site, this will likely get unwieldy for more than a few passwords.
For lots of sites, it may be helpful to use a multi-platform password manager that can generate, remember and fill in your complex passwords. Just be sure you create an extremely secure master password for that, and never write it down or store it unencrypted.
Time: Downloading, installing and setting up a password manager: 15-20 minutes. Updating existing passwords: 1-2 minutes per site -- something else you may want to do as you naturally visit each site where you have an account, rather than all at once.
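The weak-password and reuse checks described above can be run over your own list of logins. The following is an added example, not part of the original article: the account names, passwords, word list, personal facts and the 12-character minimum are all constructed assumptions.

```python
import hashlib
from collections import defaultdict

# Constructed sample data: account -> password (not real credentials).
SAMPLE_VAULT = {
    "mail.example": "IwtgttGCfm4b",
    "shop.example": "password123",
    "bank.example": "IwtgttGCfm4b",
    "forum.example": "sunshine",
    "photos.example": "Alex1984!",
}
# Assumptions: a tiny word list and facts someone could learn about the owner.
COMMON_WORDS = {"password", "sunshine", "dragon", "welcome"}
PERSONAL_FACTS = {"alex", "1984"}
MIN_LENGTH = 12  # assumed threshold, not a figure from the article


def weaknesses(password, words=COMMON_WORDS, facts=PERSONAL_FACTS):
    """Return the reasons a password fails the article's criteria."""
    lowered = password.lower()
    letters_only = "".join(c for c in lowered if c.isalpha())
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    if lowered in words or letters_only in words:
        reasons.append("dictionary word with trivial decoration")
    if any(fact in lowered for fact in facts):
        reasons.append("contains personal data")
    return reasons


def reused(vault):
    """Group accounts sharing a password, keyed by digest so the
    in-memory grouping never echoes plaintext into the report."""
    groups = defaultdict(list)
    for account, password in vault.items():
        groups[hashlib.sha256(password.encode()).hexdigest()].append(account)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def audit(vault):
    """Combine per-password weaknesses with cross-account reuse."""
    report = {acct: weaknesses(pw) for acct, pw in vault.items()}
    for group in reused(vault):
        for acct in group:
            others = ", ".join(a for a in group if a != acct)
            report[acct].append("reused on: " + others)
    return report


if __name__ == "__main__":
    for account, reasons in sorted(audit(SAMPLE_VAULT).items()):
        print(account, "->", reasons or "ok")
```

The sentence-derived password passes the per-password checks yet is still flagged, because the same string protects two accounts.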