In the age of the internet, access to information can be both vital to our daily life and the key that allows the “bad guys” to take things that aren’t theirs. Surely everyone has a friend who got off Facebook or buys things with bitcoin because they’re paranoid about a data breach. But how paranoid are they really?

With things like the Sony and Zappos hacks plastered all over the news, security is becoming more and more important to protect our personal information, and it all starts with choosing strong passwords. Regardless of how you feel about Alexa listening in the background, here is the good, the bad, and the ugly for protecting your accounts online:

Best Practices:

1. Use longer passwords.

Short passwords might be easy to remember, but longer is better. Use 8–10 characters with upper- and lowercase letters, numbers, and symbols. Symbols include things like “%,” “&,” or “#.” Make sure your numbers are spread throughout. For example, “Hd8%h34!cK” vs. “Hd%h!cK834.”

2. Use different passwords.

We all have loads of different accounts that require passwords. The important thing is to make sure you’re using a different one for each account. If someone hacks one of your PayPal account, it won’t make it easy to access your bank account and everything else.

3. Change passwords regularly.

I know. This one is not popular. Everyone has been guilty of holding on to passwords for years. Consider this your warning. Change them up, especially at work. Use this as a chance to be creative. Sometimes, it’s not even hackers who cause chaos. Unfortunately, there are occasionally disgruntled ex-employees who use their passwords one last time…

4. Sign out when you’re finished.

Don’t just close the window. And don’t let Google remember your password. If you can just push sign-in without typing it in, so can anyone else who has access to your computer.

5. Regularly update your computer.

Upgrades are for more than fixing bugs. It upgrades your security, too.

6. Don’t reuse passwords.

This is self-explanatory.

7. Create a passphrase
eg. “cake is good” becomes k@ke1$g00d.

Think of this as a game. Does anyone remember spelling “goggles” with their upside-down calculator in grade school?

Worst Practices:

1. Don’t use obvious passwords.

According to the UK’s National Cyber Security Centre’s recent study, two of the most hacked passwords include “Password” and “12345.” They even compiled a list on which “qwerty” even made a showing. If your password is on it, change it. Period.

2. Don’t use personal information in your password.

This includes birthdates, family names, your anniversary or preferences like the local football team or your favorite band. “RollingStones4Eva” isn’t going to cut it.

3. Don’t use words found in the dictionary.

Using things like “tennis2019” and “IsellHomes34$” can easily be hacked. Even random words like “purpleElephants$1*5,” while slightly better than your birthday, are best avoided.

4. Don’t use easy security questions.

Loads of companies use “What city were you born in?” as a security question, and if you can’t make up your own, try adjusting the answer. Instead of “Coventry,” use “C0v3ntry” or “Coventry, West Midlands.”

Still worried?

1. Use a password manager.

If you have trouble keeping track of all those pesky passwords, have a program or app do it for you. You’ll still have to remember the mother of all passwords, the one that lets you see your list. KeePass | Dashlane | Lastpass

2. Add extra layer of security with two-factor authentication.

2FA is used all the time. For example, when using a pin number in an ATM after you slide in your card or using a security code on a credit card. You can also use a passcode generator in an app on your phone for certain accounts.

3. Secure your phone.

Using your fingerprint is a great option, and it makes you feel like James Bond. Maybe that’s just me.

Many websites have a feature that only allows a certain number of tries, which means that the more complicated your password is, the less likely a hacker is to get it right before being rejected from the system. Overall, creating strong passwords and using this article for reference, you can feel confident that you’re doing what you can to protect your information.