Keep it unique.
Using the same password for multiple sites is definitely tempting (who wants to remember 50 million passwords?), but dangerous. "The bad guys will hack a password for some random account to gain access to things you do care about," Grossman says.
What accounts matter? "The most important password is the one for your email account," says Kevin Haley, the director of the security software company Norton by Symantec.
Unless you have a joint account with your spouse, any password you create is for you and only you. The more you share, the more at risk you are for getting hacked. Scarily enough, Norton research has found that
36% of millennials share passwords.
Use a password manager.
If you're following these guidelines for every app and site you have an account on, you'd have to be an Einstein to remember every password you came up with. That's where a password manager comes in — and it's a must. Options include
LastPass,
1Password, and
Norton Identity Safe. In addition to creating a strong password for you in the first place, these will store your passwords, and automatically fill them in the next time you log in to your accounts.
Always opt for Two-Factor Identification.
Google, Yahoo, Facebook, and
Instagram (among others) all offer two-factor authentication now. To use it, enter your password, and then a code is sent to you via text or email, which you then input before being granted access to your account. You usually don't need to do this every time — only from a new device, or when authentication expires after a few weeks.
This additional authentication is always a smart choice, Lord says, since it's unlikely hackers will have access to both your password information, and have your phone physically in their hand.
Pick the obscure security questions.
Just as you don't want to include public information in your password, you don't want to pick a security question or answer combo that someone could search for, Lord says. Yes, this means your mother's maiden name and the name of the street you grew up on are out. Pick a more obscure question, or better yet, answer a question with the "wrong" response. Choose "What is your favorite place to eat?" and then answer it with the name of your first pet instead, or the name of a made-up restaurant. The trick here is to be consistent, though, otherwise you'll just end up confusing yourself down the line.
This is too much effort.
If you're a lazy girl and all of this is just too much —
can't I just do one of these? — go with two-factor authentication. It's your biggest safety bang-for-your-buck. But you do need it on
all of your important accounts.