What is the best way to prevent phishing?

The best way to prevent phishing is to have some kind of personal security device, separate from your PC, that is part of the login. This might be a smart card or a one-time password (OTP) USB token that generates a secret number for each login, so that no two logins are the same. This is very effective protection because even if someone steals your username and password by phishing, or with a malware Trojan or keyboard logger, they still cannot access your online accounts and pretend to be you without having the smart card or OTP token. Security specialists call this two-factor authentication because it combines something you have, the card or token, with something you know, your username and password.

Many security-conscious online companies, including Bank of America, Google Gmail, Amazon Web Services and PayPal, now offer optional two-factor authentication, but you have to ask for it. Look in the security or privacy section of the website to see what options you have to better protect yourself against phishing and other online security risks.
