Some things.

LOL smartphone theft and two step verification.

Generating random passwords for every website is actually a god awful idea. People will forget more, need more password reset e-mails and into infinity. One of the best pieces of advice I saw was to put in your password like

P@AmazonW0rd

So your preferred password with some keyword about the service you're logging in to.

Phone passcodes are relatively easy to hack if they're only 4 digits.

Here's a thing to know. If you have an Exchange server at work and you get your e-mail on it, your systems administrator can totally wipe your device in case of loss or theft. Scary and useful depending on how much you trust your IT department.

There are other services that will do this for you.

Also, if you donate your PC or sell it on Craigslist, use something like DBAN to 0 out the drive. Cookies/index.dat/stored password information in the browser are bad news for security.

Also set your damned FB profile to friends only.

@TCH, That's a really good tip to put the name in the password. Otherwise, it's obviously daunting to keep track of a jillion paswords.

I use two-step for gmail (it's easy) and backup all my key data continuously with Sugarsync. I do all the common sense stuff, too (pass protect phone/laptop).

I think it probably also helps that I only have one credit card.

@tcraighenry Password salting (essentially what you just explained) is a horrible idea. You don't think hackers know about this? It'll be the first thing they try. Password managers like 1Password are a good idea, but it's easy to remember passwords if you just make it something memorable. Stop it with these ridiculously complicated alphanumeric passwords. Unless you have a character limit, just make it a sentence you remember. That's orders of magnitude more secure than a string of alphanumerics.

And if you're not backing up your shit, you have no one to blame but yourself.

passwords:
Unless you are constantly logging into websites from multiple computers (eg travelling and logging into your email), there really is no need to have a password that is easy to memorize. There are plenty of password managers for Mac's and PCs out there. (eg KeyPassX for the mac).

This way you only need to know one password to get into all your other passwords. The password file also lives locally on your computer too. It doesn't matter if your password is a bunch of complex gibberish because it is a simple copy/paste action to log into a website.

backups:
There is no excuse anymore. Hard drives are cheap and backup software is easy to use. Keep one backup in a closet and another backup at a friend's house. The backup drives should be from different manufacturers also. Just get in the routine of doing a weekly backup when you do your weekly chores such as taking out the trash.

The cloud/online backups are good (for the "friend's house" example above) if you just have Office-type documents and a few photos that need to be backed up, but if you shoot a lot of HD video, forget it...stick with multiple hard drives.

Best to come up with a secure password system. Use a few different ones that will most likely fit all the requirements of different websites (capital letters, numbers, 8 characters, etc). But don't make it too complicated! I suppose there is a chance that you will get hacked, but there is a 10,000,000% higher chance that you will forget your complicated password and then have to reset it, thus messing up the nice system and/or lock yourself out of your own stuff.
And back up EVERYTHING!