We’ve been on the internet for almost 35 years, yet we still haven’t learned our lesson about online passwords. According to a recent security study, the most commonly used web passwords are things like “123456” and “password.” Sure, they’re easy to remember, but that makes them just as easy to hack. And if you use that simple password across multiple accounts—as a reported 92 percent of online users do—that puts all of your data at risk. Here are eight tips for ensuring your passwords are as strong as possible.

1. MAKE YOUR PASSWORD LONG.

Hackers use multiple methods for trying to get into your accounts. The most rudimentary way is to personally target you and manually type in letters, numbers, and symbols to guess your password. The more advanced method is to use what is known as a “brute force attack.” In this technique, a computer program runs through every possible combination of letters, numbers, and symbols as fast as possible to crack your password. The longer and more complex your password is, the longer this process takes. Passwords that are three characters long take less than a second to crack.

2. MAKE YOUR PASSWORD A NONSENSE PHRASE.

Long passwords are good; long passwords that include random words and phrases are better. If your letter combinations are not in the dictionary, your phrases are not in published literature, and none of it is grammatically correct, they will be harder to crack. Also do not use characters that are sequential on a keyboard such as numbers in order or the widely used “qwerty.”

3. INCLUDE NUMBERS, SYMBOLS, AND UPPERCASE AND LOWERCASE LETTERS.

Randomly mix up symbols and numbers with letters. You could substitute a zero for the letter O or @ for the letter A, for example. If your password is a phrase, consider capitalizing the first letter of each new word, which will be easier for you to remember.

4. AVOID USING OBVIOUS PERSONAL INFORMATION.

If there is information about you that is easily discoverable—such as your birthday, anniversary, address, city of birth, high school, and relatives’ and pets’ names—do not include them in your password. These only make your password easier to guess. On that note, if you are required to choose security questions and answers when creating an online account, select ones that are not obvious to someone browsing your social media accounts.

5. DO NOT REUSE PASSWORDS.

When hackers complete large-scale hacks, as they have recently done with popular email servers, the lists of compromised email addresses and passwords are often leaked online. If your account is compromised and you use this email address and password combination across multiple sites, your information can be easily used to get into any of these other accounts. Use unique passwords for everything.

6. START USING A PASSWORD MANAGER.

Password managers are services that auto-generate and store strong passwords on your behalf. These passwords are kept in an encrypted, centralized location, which you can access with a master password. (Don’t lose that one!) Many services are free to use and come with optional features such as syncing new passwords across multiple devices and auditing your password behavior to ensure you are not using the same one in too many locations.

7. KEEP YOUR PASSWORD UNDER WRAPS.

Don’t give your passwords to anyone else. Don’t type your password into your device if you are within plain sight of other people. And do not plaster your password on a sticky note on your work computer. If you’re storing a list of your passwords—or even better, a password hint sheet—on your computer in a document file, name the file something random so it isn’t a dead giveaway to snoopers.

8. CHANGE YOUR PASSWORDS REGULARLY.

The more sensitive your information is, the more often you should change your password. Once it is changed, do not use that password again for a very long time.

Hackers could keep trying to crack your passwords no matter how strong you make them. Discover will help you to protect your identity by monitoring thousands of risky websites and alert you if they find your social security number. And it’s free for cardmembers who sign up. It won’t solve hacking issues, but it’s a good first step to putting you in the know. Terms apply. Learn more at Discover.