IF YOU DO your banking online, you will probably never go back to your old ways. But as with so many other things in life, this great advance comes with a few cautions. A naive computer user can accidentally give too much away. If you are not careful with your passwords or the sites you visit, you may be open to all kinds of danger. One rule of commerce still seems appropriate: if an offer looks too good to be true, it probably is. The Hong Kong Monetary Authority is proposing that all banks use two-factor authentication. In such a scheme, the user enters an ID and a password in one area but there is another part that changes all the time. It may be a question that must be answered, a number that is given out, or even an SMS over a mobile phone to which you must give the correct answer. Not all experts agree on how well such a system would actually work. But it sounds impressive, and for many that is enough. Phishing attacks, where a website is created to look like your bank in order to steal your ID and password, are not stopped because of two-factor authentication. Be aware that any e-mail asking you to click on a link may not be from the organisation it claims to be from. The safest way for online banking to continue is for users to be aware of all the possible forms of attack and, if necessary, to ask the bank before committing to something. Experts have the following advice: Choose a password that is not an English word, but something you can easily remember and no one can easily guess, such as your partner's birthday. Select a mix of letters and numbers that do not spell a word. Have at least two passwords: a 'serious' one for banking and personal use, and an 'easy' one for websites that require a password for access. Be wary of phishing attacks. Do not trust any message that asks you to enter your name and password. No legitimate bank or organisation will ever ask you to do this. Do not give your information out too easily. Many sites want you to answer a lot of questions and give them contact information. Be careful how often you do this. Keep your computer protection up to date. Get anti-virus and firewall software to protect yourself from viruses and other malware, and update it regularly. If you have to access sensitive sites such as your e-mail account or bank at an internet cafe, make certain you do not allow the browser to 'remember my password'. Some places disable this function, but not all do. Encryption schemes such as PGP (Pretty Good Privacy) are not that easy to use. Still, they are worth considering if you have a lot of passwords, IDs and account numbers to keep track of. Many people keep extremely sensitive information on a PDA or mobile phone. All you need to do is lose it and your systems will be compromised. If you must keep such sensitive data in a phone, at least protect it with a password. Stay informed. There are stories about computer security almost every day in the media. Check if the information is relevant to you.