The Australian government compiled a standard list of 10\u00a0things you can do to protect personal information online, but\u00a0sometimes these basics aren't enough. So I asked some IT security professonals for insight on what steps they take when shopping online or when registering with a new website. Here a list of online safety tips from five IT security pros.\n\tPatrick Harding, chief technical officer, Ping Identity:\n\t\n\t\tIt's counter-intuitive, but in my consumer role I prefer to use my Facebook or Google identity whenever possible. First, it's convenient. Second, popular social media has better security practices than I do as a consumer so my Google identity is better evidence to the vendor that I am really doing the shopping than the various and probably weak passwords I might otherwise lose, forget, or have stolen.\u00a0Third, a shopping site vendor who has my credit card information is maybe even more likely to be successfully breached than Google which offers two-factor authentication 1, requiring the bad guys to have my password and my mobile phone to steal my identity.\n\n\tDarien Kindlund, senior staff scientist, FireEye:\n\t\n\t\tNavigate the shopping website using a separate, isolated browser ideally on a separate system or inside a\u00a0separate virtual machine. Try to use unique passwords when registering with a new site. That way, if (or when) the website is hacked, attackers can\u2019t reuse your login credentials to access your other accounts on other websites.\n\n\tMarc Gaffan, co-founder and VP of marketing & business development, Incapsula:\n\t\n\t\tI never give out my mother's maiden name to ANYONE. It's worse than giving away your online banking's password because it's one of the things that are used to reset and retrieve such passwords.\n\t\n\t\tIf I don\u2019t know them, I don\u2019t connect with them.\u00a0 People who can see your profile and interactions on social networks can find out a lot about you (If your mom happens to be your friend and her brother is friends with her \u2013 there goes your mother's maiden name.)\n\t\n\t\tBelieve it or not, using a post-it to write down your password is probably much safer than keeping it in some file on your personal computer (which probably has the word password in the file's name.)\n\n\tShuman Ghosemajumder, vice president of marketing, Shape Security\n\t\n\t\tI make sure I can trust the site with my data by asking these questions:\n\n\t\n\t\tHave I heard of the company before?\n\t\n\t\tDid I specifically navigate to their site (as opposed to discovering it through surfing)?\n\t\n\t\tIs the URL correct\u00a0(to ensure\u00a0I\u00a0haven't been tricked into visiting a malicious site)?\n\n\t\n\t\tAvoid sites\u00a0that don't use SSL\/TLS 2\u00a0for registration or login. If I'm on an open WiFi connection, I never submit user details to a URL\u00a0that doesn't\u00a0begin with HTTPS:\/\/. Submitting information insecurely (e.g., via an open WiFi connection) makes it easy to steal.\n\t\n\t\tWhen I create an account, I don't use the same password I use on other websites such as Gmail or for my bank. Credential harvesting attacks take leaked passwords from one site and then probe other sites for use of the same password.\n\n\tNimmy Reichenberg, vice president of marketing and business development, AlgoSec:\n\t\n\t\tI only shop online through \u201ctrusted\u201d sites such as Amazon.com or physical stores that have an online presence such as Target, etc. I limit the amount of information I\u2019m willing to provide. For example, I do not typically store my credit card information and never provide banking information. When registering with a site\/newsletter, I provide as little information as possible. Hackers are always looking for useful information which by itself may be nothing overly interesting, but which could be used to gain unauthorized access to other accounts.\n\n\t1 \u00a0You can get this via the Google Authenticator app. Authenticator provides a six-digit number users must provide in addition to their usernames and passwords to log in to Google services. The Authenticator can also generate codes for third-party applications. It can be a pain to use sometimes, but it's much less\u00a0painful than having your identity stolen.\n\t2\u00a0These are Internet security protocols used by Internet browsers and Web servers to transmit sensitive information. In your browser, you can tell when you are using a secure protocol, such as TLS, in a couple of different ways. You will notice that the "http" in the address line is replaced with "https," and you should see a small padlock in the status bar at the bottom of the browser window.