When it comes to protecting your online accounts, passwords are one of the most important lines of defense. Your finances, credit score, and identity are all protected by the passwords you keep. Unfortunately, many people practice poor password security, which can leave them vulnerable.

While passwords aren’t foolproof against thieves and hackers, using good practices can help keep you safe.

Here are 5 Password Best Practices You Should Be Using:

1. Stop Using Weak Passwords

Everyone should understand the importance of strong passwords. The simpler or more obvious your password, the easier a thief or computer program can guess it. But many people still use weak passwords, such as short phrases or the names of friends and family.

Use some of the following practices to create strong passwords:

  • Make them long: computer programs that automatically try to guess passwords can more easily guess short passwords. Longer passwords are harder to crack.
  • Avoid common phrases: common phrases, like Bible quotes or baseball teams, are easier to guess.
  • Avoid personal information: back in the day, your birthday or your mother’s maiden name might have been hard to guess. Nowadays, thieves can find common personal information online.
  • Test your password: before committing to a password, use a website like How Secure is My Password to test out password ideas and variations.
  • Avoid personal information or passwords related to friends and family.

2. Don’t Leave Them in the Open

If your passwords are written on a sheet of paper by your computer, it’s time to update your security protocol. If someone swipes the paper, they’ll have easy access to all your accounts, and tracking down who took your password cheat sheet may prove difficult.

3. Stop Reusing Passwords

Using the same password across multiple websites might make it easier to remember, but it leaves you vulnerable to thieves. All it takes is a hacker to crack a password for one of your accounts. If you reuse that password across multiple accounts and websites, the thief now has access to all of them.

Of course, this makes it harder to remember your passwords. Which brings us to our next point…

4. Use a Password Manager

If you want to take the guesswork out of creating and remembering passwords, password managers make it easy. These programs automatically create unique, strong passwords for every account you own. You just have to create a single master password to access the manager, and the manager can fill in user IDs and passwords for the sites and apps you use.

This does come with some risk. If a hacker manages to guess your master password or breaches the password management company, your accounts can be compromised. But password managers often use encryption and multifactor authentication to add additional levels of security to your account.

There are free and paid versions of password managers on the market. Do some research to find the best one for you.

5. Use Multifactor Authentication

Multifactor authentication is a tool that is increasingly available for all kinds of online services. It provides an additional verification requirement at the point of login. When you enter your password to log in, multifactor authentication will send you a temporary code via an authentication app, text message, or email. These codes usually come with a very short expiration date, and are required to access your account.

Even if a thief has your password, they would also need access to your authentication app, phone, or email to access your account, which is less likely. While multifactor authentication makes it a little bit harder to access your accounts, it will help you increase your security.