Many sites that support secure transmission via HTTPS, still don’t offer encryption as a default, or sometimes they combine pages with both secure and insecure items. HTTPS Everywhere, a new Firefox plugin, makes it easier for Firefox users to always use the secure version of a number of popular sites. This is useful for those surfing in public hotspots, where an insecure site (using HTTP vs HTTPS) is visible to sniffers. The free plugin currently works for Facebook, Twitter, Paypal, Google Search and half a dozen other popular sites.

Srwright, a reader at Lifehacker.com submitted this tip for keeping your online accounts extra secure. Instead of answering standard security questions such as “What is your mother’s maiden name?” you can answer a secret alternative question that you create based on one of the words or phrases in the real question. For example, using the word “maiden”, you might answer the secret question “What is your favorite Iron Maiden album?” Or using the word “mother” you might answer, “What is your mother’s nickname?”

WordPress is an excellent blogging platform. Its popularity, however, makes it a frequent target of hackers trying to gain access to blogs for nefarious purposes. Choosing a secure admin password is just one thing you can do to foil them. Learn about the others at these WordPress security articles from Mashable, WPSHOUT, and Wordprezzie.

According to tech wizard Leo Notenboom, “a new twist” on hackers comprising Hotmail accounts has left some users with unauthorized (and poorly written) ads in all of their outgoing messages. Notenboom explains that the culprit is a default email signature created by the hacker. Learn how to change your Hotmail email signature in his article: “Why do messages I compose in Hotmail now start with an ad that looks like it’s from me?“.

Cormac Herley, a principal researcher for Microsoft Research, has concluded that mandatory periodic password changes, required by some organizations and websites, are not worth the time it takes to make the changes and remember the new passcodes. To read more about his conclusions, read “Please Do Not Change Your Password” from the Boston Globe. “It’s not that Herley believes we should give up on protecting our computers from being hijacked or corrupted simply because safety measures consume time. The problem, he said, is that users are being asked to take too many steps, and more are constantly being added as new threats emerge or evolve.”

“If you invited me to try and crack your password, how many guesses would it take before I got it?”, asks blogger and Internet standards expert John Pozadzides. The top ten list of common passwords includes your city, college, football team, your birthday, your partner’s name, or your pet’s name, perhaps followed by a zero or one. Learn how to choose better passwords by avoiding these common traps. Read more at Lifehacker.

Twitter has recently been hit by a rash of phishing attacks, where users get email messages with fake Twitter login links, in an attempt to steal Twitter account passwords. If you receive a notification from what looks like the real site, do not login. Instead, type “twitter.com” directly into your browser address bar. As a precaution, now is probably a good time to go directly to twitter.com and change your password. For more about the attack, read CNN.

When using a public wi-fi network in an Internet café or coffee house, it is up to you to secure your transmissions against prying eyes. Only using https secure connections is one way of stopping those around you from seeing your transmissions. For more cyber café security tips, read Ask Leo, and PC Magazine.

What resources can be used to identify safe websites? Leo Notenboom of Ask-Leo.com says, “One of the best things you can do as you surf the web is simply be skeptical.” He also explores McAfee’s Site Advisor, and Web Of Trust in his article What’s a Safe Web Site?.

Attention Hotmail and MSN users: itt’s time to change your password. According to Neowin, an anonymous hacker posted thousands of Microsoft’s Windows Live Hotmail usernames and passwords. The first list of over 10,000 accounts only includes account names that start with the letters A and B, but there was a hint that there could be more lists.