Marcin Kleczynski, CEO of a company devoted to protecting people from hackers, has safeguarded his Twitter account with a 14-character password and by turning on two-factor authentication, an extra precaution in case that password is cracked.

But Cooper Quintin, a security researcher and chief technologist at the Electronic Frontier Foundation, doesn’t bother running an anti-virus program on his computer.

And Bruce Schneier? The prominent cryptography expert and chief technology officer of IBM-owned security company Resilient Systems won’t even risk talking about what he does to secure his devices and data.

“The stuff I do, I consider my business,” Schneier said. “I’m kind of a target.”

With nearly daily reports of cyber attacks, identity thefts and security breaches — even the NSA’s most sensitive secrets have been compromised — it seems all our financial, health and personal data is at risk from online villains. So we decided to ask the people who really know what they are doing — computer security experts — how they stay safe in their own lives.

Some of the answers were surprising.

Many security gurus take extra precautions to safeguard their data, accounts or devices. But many also feel free to flout the rules, at least in particular cases.

Take Quintin. Part of his job is to offer advice to activists and the public about how to protect themselves online.

Although much of Quintin’s advice echoes that of other gurus — keeping operating systems and software up-to-date and being careful with passwords — he diverges from the pack when it comes to anti-virus software. It’s not a big part of his recommendations, and he avoids the software in his own life.

Part of the reason is that his computer runs Linux, which is targeted by far fewer pieces of malware than Windows is. Indeed, if Quintin were using a Windows machine, he said he’d probably run an anti-malware program.

But he’s also philosophically opposed to anti-malware software, because he thinks it gets people to lower their guard about the security threats they face.

“I don’t like to get complacent and rely on it in any way,” Quintin said. “I like to keep my common sense sharp.”

Quintin’s not the only security expert who sometimes ignores the rules. You know the advice from gurus about always using strong passwords and a different one for every site? Avivah Litan, a security researcher at Gartner, often ignores it.

She admits she doesn’t come up with overly complicated passwords. She doesn’t change them very frequently. And while she makes sure to use strong and unique passwords to protect financial and other sensitive data, she reuses relatively simple passwords on other sites — typically on ones which would have little consequence if they were compromised, like a travel loyalty card service.

“I don’t go crazy over this stuff,” said Litan. “The cost of having a complicated password is greater than having my points stolen.”

Eugene Spafford, likewise, spurns one of the key rules, but for good reason.

The Purdue computer science professor, who focuses on cyber security, has a computer whose operating system and software he generally doesn’t bother to update, even though he sometimes uses it to access sensitive files. That’s because the computer isn’t connected to the internet, which is generally the source of most malware.

“I don’t have it on a network, so I don’t have to worry about it,” Spafford said.

To be sure, Spafford and other gurus often take extra care with their devices and data, going above and beyond the typical security advice.

Quintin, for example, regularly encrypts his email to protect it from being read by people who might intercept it. But he doesn’t recommend that average users scramble their email, because he thinks the encryption software is just too difficult to use.

Kleczynski, the CEO of security company Malwarebytes, mostly follows the standard security advice. But he goes all out to protect his Twitter account, because he worries about the message it would send if a hacker was able to compromise it.

“It would be extremely embarrassing,” he said.

Whenever he’s accessing the internet over a public hotspot, John Dickson, a principal at security consulting firm the Denim Group, will connect to a virtual private network through his office to safeguard his traffic. He also enjoys making up complicated passwords that you can’t find in a dictionary.

When he does it on devices at home, it “drives my wife crazy,” he said.

Spafford too takes a lot of extra steps to protect himself and his data. In addition to using an unconnected computer for sensitive files, he sometimes accesses files on a virtual machine he creates on one of his computers. When he is done, he deletes the machine. He also has a firewall device in his home to protect his network from hackers. And he’s developed some tools in his research center that he uses to try to detect security problems.

But, like Resilient’s Schneier, he’s reluctant to discuss the particulars of many of the steps he takes.

“There are some additional things I do,” Spafford added. “I’m not going to give details of all of them, because that doesn’t help me.”

Contact Troy Wolverton at 408-840-4285 or twolverton@bayareanewsgroup.com. Follow him at www.mercurynews.com/troy-wolverton or Twitter.com/troywolv.