By Tom Cheshire, Technology Correspondent
Millions of eBay users were asked to change their passwords on Wednesday after the site’s security was compromised. Here are some top tips and what to do to tighten up your online security.
Change your password
Even if you haven’t used your eBay account, change your password – especially if you’ve used that password on other sites.
It’s a pain, but it’s worth changing your major passwords – especially anything tied to financial and sensitive personal information – every few months.
Change your password in the browser
When changing your password, don’t do this by following an email prompt.
Instead, go to the website directly by pasting its URL into the address bar in your web browser.
More generally, never click on links in emails unless you’re completely sure they’re from a trustworthy source. Even a friend sharing an amusing cat video may have been hacked.
Choose the best possible password
What makes the best password is subject to hard-fought debate online.
The most secure passwords are also the hardest to remember, and any password is a trade-off between security and convenience. A long, unintelligible string of alphanumeric and special characters is strongest, but not practical for everyday use.
Instead, use a memorable combination of words – not culled from a famous phrase or book.
If your phrase is anywhere on the web, chances are it’s known to hackers – so ‘itwasthebestoftimesitwastheworstoftimes’ isn’t much better than ‘eBayPassword679’.
Don’t use easily guessable information. Choose a nonsense phrase that you’ll remember, and swap in some numbers and special characters.
Something like ‘InApril1EnjoyThrowingDucks!n1ntoTh3R1ver’ is good, then come up with a variation on that for each site.
Again, don’t use the same passwords across different sites.
Use a password manager
If you prefer to use stronger passwords but struggle to keep track of them, consider using a password manager.
These collect all your passwords into one place, so that you access all the different passwords with one master password.
Because there’s only one point of failure, that password needs to be very secure – and also very well protected.
KeePass, LastPass, Password Box and Dashlane are all good options.
Consider two-step verification
For your most important online accounts – banking, email and social networking – two-step authentication is a very good way of making yourself more secure.
This means that when you log into an unusual computer, you’ll have to authenticate yourself using your mobile phone or another means of verification. Most major web sites offer this now, and it’s less of a hassle than you think.
Pay attention to iTunes
If you suspect you’ve been hacked, pay close attention to your outgoing finances.
Hackers will often use very small amounts to test the water with stolen financial information.
Pay close attention to iTunes especially – hackers will make tiny purchases worth pennies here, to see if a credit card works. So make sure you check your iTunes statements.
Scan for malware
If hackers have your email address and other personal information, there’s a good chance they can access your personal devices.
Install malware protection from a reputable source and scan your computer.
Everyone hates passwords and, thankfully, they may not be around for much longer.
Many companies are working on software that uses behavioural monitoring – the way you type, click around a website and generally interact – to uniquely identify you.
Others are looking at biometrics – like Apple and Samsung’s fingerprint readers on their smartphones.
Future technology might use facial recognition, or heartbeat pattern detection.