If you're reading this and you're not using two-factor authentication (TFA) for your online services, stop reading now and go enable it.
Using TFA, if your passwords are ever compromised (LinkedIn, eHarmony, Last.fm...), then an attacker would also need access to your phone to log in. Pretty secure.
Dropbox have just added two-factor, and Google have offered it for some time.
The Google Authenticator app for iOS works really well, can be set up in seconds by scanning a QR code (a perfect QR use-case, by the way) and makes it really easy to get a one-time code: exactly zero-taps are required.
Still reading? Stop now and turn on two-factor authentication.