Whenever we can we make use of Two Factor Authentication.

In some cases this means the institution you are trying to log into will SMS a code to your previously registered mobile phone which you have a very limited time to enter before you can proceed into the site.

In other cases we use Google Authenticator (GA). Essentially the same. The GA app on your phone is synchronised with the globally unique serial number of your mobile device and to the particular account you are using and a code that is generated by the app must be keyed in and match with the login at the institution. Again there is a time limit set which you can change. We have it set to 1-minute after which time the code expires and you have to start again. If you fail in 3 attempts then the account will lock and you have to go thru a rather nauseating experience to unlock it again. So we don't let the failure happen.

It just means that even if anyone manages to somehow acquire your account/password details they still cannot get in and do anything until they get past the 2nd factor. And unless they physically have your mobile device that aint gonna happen easily. Much safer IMHO.

But alas neither ebay nor paypal have offered this security feature as yet otherwise we would use it.