Just a suggestion, it would have been nice to suggest using two-factor authentication as well. Because with my two-factor authentication, even if I gave someone my password, theoretically they couldn't log in. At the very least, seems like a sound second level of defense against those late night link clicks.