Keeping safe online: passwords
Protect your online personal and financial information by using multiple strong passwords and safeguarding their access.
Do you pay your bills online? Order merchandise? Make airline reservations? Think about how often you have put your personal and financial information out there in cyberspace, and then ask yourself if you are comfortable with the passwords that you use to access your accounts.
Even if you have progressed beyond the “password123” stage, chances are your passwords are not as secure as they should be to provide online security. Do yourself a favor and update your passwords. Start with the ones that matter the most, then gradually work down the list.
Create unique passwords. Create as many unique passwords as possible. The more unique passwords you have, the better your odds of keeping your information secure. That said, unless you are planning to use a password manager (see below) or have a fantastic memory, you probably don’t want to have to remember fifty different passwords. At the very least, you should have a unique password for each financial account or for any account where you need to reveal information like your social security number or your birthdate.
Make your passwords strong. The more lengthy and complex a password, the stronger it is. Follow these best practices:
- Make your password as long as possible, at least ten characters.
- Use numbers, symbols, upper-case letters, and lower-case letters.
- Do not use personal information (e.g., family name, pet’s name, phone number, address, birthdate).
- Do not include any part of your account number.
- Do not use sequences of adjacent keys on the keyboard.
- Mix up characters of an easy-to-remember phrase: 1/2ing2muchFUN2stop!
- Use unusual combinations of words: mango4mouse&moving29
- Intentionally misspell words: Kpasa,meamigo?
- Use an online site, such as Norton by Symantec, to generate a secure password.
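The checklist above can also be checked automatically. The following Python code is an added example, not part of the original article; the function names and the thresholds (a run of four adjacent keys, four consecutive account-number digits, personal details of three or more characters) are assumptions chosen for illustration.

```python
import re

# Physical keyboard rows used to spot runs of adjacent keys.
KEY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_keyboard_run(password, run=4):
    """True if `run` or more characters follow one keyboard row, in either direction."""
    lowered = password.lower()
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in lowered:
                    return True
    return False


def check_password(password, personal_info=(), account_number=""):
    """Return the checklist items the password fails (an empty list means it passes)."""
    problems = []
    if len(password) < 10:
        problems.append("shorter than ten characters")
    classes = {
        "a number": r"[0-9]",
        "a symbol": r"[^A-Za-z0-9]",
        "an upper-case letter": r"[A-Z]",
        "a lower-case letter": r"[a-z]",
    }
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("missing " + name)
    # Personal details: compare letters and digits only, ignoring case.
    stripped = re.sub(r"[^a-z0-9]", "", password.lower())
    for item in personal_info:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in stripped:  # assumed minimum token length
            problems.append("contains personal information")
            break
    # Assumption: any four consecutive account digits count as "part of" the number.
    digits = re.sub(r"\D", "", account_number)
    if any(digits[i:i + 4] in password for i in range(len(digits) - 3)):
        problems.append("contains part of the account number")
    if has_keyboard_run(password):
        problems.append("contains a run of adjacent keys")
    return problems
```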
Add two-step authentication wherever possible. Two-step authentication provides you with an extra layer of internet security. Many popular sites are now offering this option. We recommend that you add this to all of your financial accounts and to your email account. That way, even if someone has your password, your account will still be inaccessible to anyone but you.
How it works: First, you enter your user ID and password, as usual. Then, you are required to enter a special code. You get this code by phone via text, voice call, or mobile app. (You will have specified which method when signing up for two-step authentication.) Then you enter the special code on the log-in page, and you are done. (The special code changes each time you log in. If you decide you do not want to have to use the two-step authentication when you log on from your own personal computer, you can exempt that device from the requirement.)
Caveat: You will have to have your charged-up phone handy, able to receive the code. And if you need to access your two-step accounts when you are out of the country, make sure that you are able to receive texts or calls.
Keep your passwords safe. Create a list on your computer, but don’t save it there. Having your passwords on a spreadsheet can be very convenient. Just remember to save it somewhere other than on your computer’s hard drive! Even a password-protected spreadsheet can be hacked by a computer thief, so it is better to store it on an unlabeled removable data drive that you safely stash. Bury your printed copy where only you will think to look for it. (Risk factor: leaving the data drive or document out where they can be found by others.)
Use old-school pen and paper. Even security expert Bruce Schneier recommends writing down passwords and treating the list like you would any other valuable document. A good choice is an alphabetized address book that can sit innocuously among your desk supplies. (Risk factor: misplacing the address book or leaving it out where it can be found by others.)
Use an online password manager, such as LastPass. With a password manager, you create a single master password and then import all of your existing passwords and other sensitive information into your account. The password manager encrypts this information and saves it in your “vault” in the cloud. You can also use the password generator feature to generate passwords for you, autofill online forms, and remember login names. (Risk factor: having all of your data at the mercy of the strength of the password manager’s security.)