March 24
Security and you
So hey, I know this thing hit the intertubes over the last week about Xbox Live being hacked and all. Well, no one hacked in to Xbox Live (or bungie.net, for that matter). The heart of the recent reports turned out to be what's called pretexting: people calling support and using surreptitious means to get other people's account info. We're clamping down on that on our end, but the whole thing got me thinking about how everyone, from support on down to the end-user, has responsibility to keep account details secure.
I'll be writing an article about it for Xbox.com in a little bit, but I wanted to jot down some thoughts about how to protect yourself on Xbox Live. In general, you're safe, but it doesn't hurt to understand what to watch out for.
Family Members and Visitors
People that have physical access to your console can sign in with your profile if you don't protect it. The damage is usually limited to them racking up achievements you'd rather get yourself and buying stuff with your MS Points (and, if you have a credit card attached to your account, buying more MS Points). They can't do anything like change your Windows Live password, since you have to enter your password first before you can change it. Plus, these people are usually close enough for you to smack upside the head when they do it. Still, better safe than sorry:
- Turn off auto sign-in. If you generally trust the people using your console, you can just make sure your profile doesn't automatically sign in so they don't accidentally start playing on your profile. Do this under your gamer profile. Auto sign-in is turned on when you create your profile, so if you haven't messed with it, it's probably on.
- Use a pass code. Go to Account Management and add a four-button pass code to your profile. Any time the profile is signed on, you're challenged for the code. If it's a good one, that means you're the only one that'll be signing in on your account. Check out my pass code post for more info.
- Put your profile on a memory unit. You can remove temptation altogether by keeping your profile on a memory unit that you pop out of the console whenever you're not around. No one will even see your profile as a choice to sign in with.
- Know where your profile is. If you borrow or rent a console, or play on a console at someone else's house, make sure you remove your profile from the resident hard drive or memory unit when you leave. It's easy if you keep it on your own memory unit, since you can just take it with you. But if you recover your profile to someone else's hard drive and don't delete it when you leave, there's potential for anyone else using that console to sign in with it.
Tip: If you do leave your profile on someone's console and you're worried about it, recover it on your local console as soon as you can. It'll invalidate the copy of the profile on the other console.
Strangers
While many of the people you meet on Xbox Live and on the Internet are normal, decent people, there are indeed people out there who try to take over other people's accounts. And they have all sorts of tactics to do it. More often than not, it doesn't involve hacking the Gibson; it just takes some friendly overtures or an air of authority to get what they want. It's called social engineering; they use human nature to get enough info to bypass security. This is what you can do to keep better control:
- Don't give out your Windows Live ID and password. There are some "services" available now for inflating gamerscore, where you send someone your login information, and they use that to recover your account to their console and rack up achievements for you. This is a really really really dumb thing to do. Once someone has your Windows Live ID and password, they have access to anything else that uses your Windows Live ID: Hotmail, Messenger, Spaces, Zune, and whatever else you may have signed up for (or they can sign up for stuff themselves). More importantly, they have access to all of your account info, including your address, phone number, and any credit cards you have on your account.
- Be smart when setting up your account. Choose a good password that no one can guess. Pick a secret answer (the answer you give if you forget your password) that no one can get out of you. Limit the info you keep in your account to the essentials required by the service. Currently there's not a way on the billing website to remove your active credit card from your account, but be sure to deactivate cards you're not using. If you're really concerned about having a credit card on your account, purchase a prepaid Xbox Live card and/or Microsoft Points cards. If you've already set up your account, don't worry. You can go to account.live.com to view and change your account info.
- Don't share secrets. Some of these social engineering types are really good at gaining your trust and sweet talking you out of your info. Innocuous stuff. Imagine this conversation:
"So, where are you from?"
"California."
"Really? I have family there. What part?"
"Southern California. Los Angeles."
"What a coincidence. My cousin lives there. What high school did you go to?"
From that simple, friendly conversation, your new-found friend has a short list of ZIP codes to try, plus they have your high school, which can be used by some services as a security question. Be aware of the secret question and answer you're using for your Windows Live ID, and make sure not to mention anything that will help people figure out what it is.
Many times they won't be obvious. It'll be a casual conversation, or they'll get pieces out of you at different times. The most determined can put together a lot of info about you from seemingly disconnected conversations.
- Be aware of your online "footprint." What I mean by this is make conscious decisions when you sign up for stuff online. This isn't just talking about Windows Live or Xbox, this is in general. Online stores, forums, everything. Be aware that with every thing you sign up for, you increase your exposure on the internet. If you use the same e-mail address and password for everything and it's compromised in one place, it can be used everywhere else. You don't have to be phished while you're playing a game on Xbox Live for someone to take over your Xbox Live account. That is, if someone scams you out of your password or secret answer in e-mail or Messenger, they've also got your Xbox Live account.
If you want to limit the exposure of your e-mail address (which reduces the appearance of your e-mail address as a target and can help reduce spam, too), make sure you make full use of privacy settings on store sites, forums, and blogs. Here on Windows Live Spaces, check your Windows Live profile. In Windows Live Messenger, make good use of the block list (Tools, Options, Privacy).
- Be aware of where you're going online. This isn't strictly Xbox Live either, but one of the ways scammers gain access to people's info is through seemingly legitimate messages. For example, you may get e-mail that looks like it's from your bank, down to the logos and even professional-sounding text. (Let's face it, most of us can spot the crappy scammers by their spelling mistakes. But, they've gotten better.) The link looks like it's going to the bank web site, but in reality it goes to a site set up by them. It still looks like the bank's site, but when you log in, the login info goes to the scammer's database and not to your bank. Counteract this by always typing in the URL of any secure site rather than following a link and just generally being cautious on sites that want your personal info.
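The "link looks like the bank but goes somewhere else" trick above is something you can check for mechanically. The following is an added example, not code from the original post or from Microsoft: a small Python script that pulls every link out of an HTML message and flags anchors whose visible text names one host while the href actually points at a different one, plus links that go straight to a bare IP address. The message body, the bank name and the domains are all constructed for the example; the "registrable domain" comparison is a deliberate simplification (last two labels) rather than a full public-suffix lookup.

```python
"""Flag deceptive links in an HTML message: visible host != actual target host."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Something that looks like a hostname or URL inside the anchor's visible text.
HOST_RE = re.compile(r"(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})", re.IGNORECASE)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the document."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Simplified registrable domain: the last two labels (assumption, not PSL-aware)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def find_suspicious_links(html_body):
    """Return a list of findings for links whose target does not match what the user sees."""
    collector = _LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        target_host = (urlparse(href).hostname or "").lower()
        if IPV4_RE.match(target_host):
            findings.append({"href": href, "text": text,
                             "reason": "link target is a bare IP address"})
            continue
        match = HOST_RE.search(text)
        if match:
            shown_host = match.group(1).lower()
            if registrable(shown_host) != registrable(target_host):
                findings.append({"href": href, "text": text,
                                 "reason": "displayed host does not match link target"})
    return findings


# Constructed sample message (placeholder domains; not a real bank or real lure).
SAMPLE_EMAIL = """
<p>Dear customer, please confirm your details:</p>
<a href="https://www.example-bank.com/login">www.example-bank.com</a><br>
<a href="http://example-bank.com.login-verify.example/acct">https://www.example-bank.com/login</a><br>
<a href="http://192.0.2.10/login">Click here to sign in</a>
"""

if __name__ == "__main__":
    for f in find_suspicious_links(SAMPLE_EMAIL):
        print(f["reason"], "->", f["href"])
```

Running it on the constructed message reports the second and third links and leaves the first alone. The same logic is the core of what mail clients do when they warn "this link goes to a different site", and it is a reasonable stand-in for the author's advice to type the URL yourself rather than trust what the link text says.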
It's a good idea to always try to keep on top of your account. Go to account.live.com often to check out your billing and Microsoft Points transactions and to make sure your e-mail and mailing info is still correct. Change your password on occasion. Also, take a look at your secret question. If you think someone got that answer out of you, or you set one up that is too easy, pick another one. (Just make sure it's something you will remember!)
Whew. That turned out to be longer than I thought, and I'm sure I'm still missing stuff. I'll round things out in my forthcoming article. There are other things you can do to secure your account information. For more info from Microsoft, try the following documents:
- Help Protect Yourself Against Identity Theft
- Help Protect Against Phishing Fraud