What steps can I take to keep my World of Warcraft Account safe and secure from hackers, trojans, keyloggers and all-around bad dudes?
(Please post each suggestion as a separate answer, and please up-vote the suggestions you feel are useful)
AdBlock Plus, on the other hand, wards off banner ads, pop-ups, and the like which can carry malicious payloads if your operating system is not updated. I know a while back there were GIF ads on Curse that had a malicious payload in them if you didn't have a specific Windows Update - ABP would prevent the GIF from ever loading, which would prevent the payload from hitting your PC.
Obviously, however, all the software and layers of security in the world cannot make up for good, old-fashioned vigilance. Ensure that you're going where you intend to go (proper spelling, no typos, no added characters), scrutinize the URL of any link you intend to click before you click it, and be alert.
(*: I say most because as you open your whitelist further and further, things can slip in. A fully blacklisted NoScript will prevent everything that's not raw HTML.)
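Added example (not part of the original answer): a small Python check that automates the "proper spelling, no typos, no added characters" advice by comparing a link's host with the sites you meant to visit. The trusted list, the two-label shortcut for finding the registered domain, and the sample URLs in the comments are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites the player actually intends to visit.
TRUSTED = ("battle.net", "blizzard.com")

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # drop a character
                           cur[j - 1] + 1,             # add a character
                           prev[j - 1] + (ca != cb)))  # swap a character
        prev = cur
    return prev[-1]

def squash(name):
    """Keep only letters and digits so 'battle-net' and 'battle.net' compare equal."""
    return "".join(c for c in name if c.isalnum())

def check_link(url):
    """Return (verdict, reason); verdict is 'trusted', 'lookalike' or 'unknown'."""
    # urlsplit lower-cases the host and ignores anything before an '@'.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return ("unknown", "no host in URL")
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    # Simplification (assumption): the last two labels are the registered domain.
    registered = ".".join(host.split(".")[-2:])
    for good in TRUSTED:
        # Typo: the registered domain is one or two edits from a trusted one.
        # This errs toward caution and can flag unrelated near-matches.
        if edit_distance(registered, good) <= 2:
            return ("lookalike", "spelling is close to " + good)
        # Added characters: the trusted name is embedded in some other domain.
        if squash(good) in squash(host):
            return ("lookalike", good + " appears inside another domain")
    return ("unknown", "not on the trusted list")

# Constructed sample links, not taken from the page:
#   https://eu.battle.net/login                -> trusted
#   https://batle.net/login                    -> lookalike (typo)
#   http://battle.net.account-check.example/   -> lookalike (added characters)
```

A 'lookalike' verdict is a prompt to stop and re-read the address bar; an 'unknown' verdict only means the site is not one you listed.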
Using an authenticator isn't foolproof (as recent news shows), but it definitely increases the security of your World of Warcraft account. There are multiple devices that you can use as an authenticator for your account.
What is the Battle.net Authenticator?
The Battle.net Authenticator is an optional tool that offers World of Warcraft players an additional layer of security to help prevent unauthorized account access. The Authenticator itself is a physical "token" device that fits easily on a keyring or as part of your mobile phone.
How do I use an authenticator?
Method #1 - Physical Authenticator
The first type of authenticator you can use is the keyring authenticator, which can be purchased directly from the Blizzard Store.
Method #2 - Mobile Phone Authenticator
The second type of authenticator you can use is on your Mobile Phone. It's an application that runs on your Mobile Phone and allows the extra layer of security that the Physical Authenticator does, except that you only need your mobile phone instead of the authenticator itself. Please refer to Blizzard's Mobile Phone Authenticator FAQ for more information.
Even if a keylogger, trojan, or other sundry badness manages to get on your PC, if you root it out before attempting to log into your World of Warcraft account, you can still preserve your account's integrity. Doing so, however, requires maintaining up-to-date virus and malware protection. Many people feel that this is tedious and requires both paid software and lots of time, but that's not the case.
One of the best anti-malware software engines is a free piece of software called MalwareBytes. This powerful anti-malware has been proven against several popular keyloggers, including the most recent man-in-the-middle malware attack specifically designed to infiltrate accounts with Blizzard Authenticators attached.
Furthermore, all Windows users with a legitimate Windows license can enjoy a free and powerful anti-virus engine by installing and using Microsoft Security Essentials. MSE is as powerful as (if not more so than) paid anti-virus software, and its definition files are updated automatically through Windows Update (which you should be running every time updates are available!), meaning that it is rarely, if ever, out of date. MSE also has anti-malware/anti-spyware functionality, but in the anti-malware arena, it loses out to MalwareBytes. However, using both in tandem is a great start for keeping your PC clean and secure, and helping to clean it if something bad has made its way in.
The more people that know your password / use your account, the more potential there is for your account to be hacked. Your friend might not be as security conscious as you are, and therefore leaving your security credentials in the hands of someone else gives the hackers/phishers/keyloggers one more person to fool into typing them in.
While on the topic of passwords:
Which is to say, "not your birthday, not your middle name, not 'god'." The best passwords are over 8 characters in length, include some CAPITAL and lowercase letters, numbers, and a s¥mbøl or two... (!@#$%^) Preferably no "whole" English words...