The vast majority of data compromises aren’t caused by company-wide breaches, but by something we as individuals can control—our passwords.
A 2013 study conducted by online security company Trustwave found that, out of 3 million passwords analyzed, 50% reached only the barest minimum level of security.
Betterment is likely only one of a host of apps you use online—and employing good security hygiene when you’re online is more important than ever.
Know what you’re up against.
Hacker programs, such as Hashcat, work by guessing passwords very rapidly—up to 8 million per second. This is called a ‘brute force’ hack because the computer basically tries to force its way into your account.
There are four especially easy types of passwords to crack:
- A password that’s all numbers
- A password fewer than eight characters
- A password that contains an actual word (there’s ‘dictionary attack’ software that methodically tries only the likeliest passwords—such as all the words in a dictionary)
- Common letter-to-number substitutions, like 0 for O or 3 for E
If your password falls into any of those categories, it might be like using a cheap luggage lock on your front door.
Another hacker technique involves first finding out the requirements for an acceptable password, and then plugging exactly those constraints into a cracking program. Again, most people use only the bare minimum password requirements, which makes hackers’ lives much easier. Once they know that your password requires a special character and a capital letter (and an attempt to set up a new password on the website in question will tell them), they can feed those constraints into their program, and then it’s just a matter of time before the program finds your combination.
Hackers have also discovered that the most common way to satisfy those requirements is by adding suffixes (used the vast majority of the time), and after that, prefixes. Even in rarer cases where the special symbols are inserted within a password, thieves know that most people use common symbol substitutions: $ for S, 1 for L, or @ for A.
And if you’re using a password that means anything to you at all, think again. Skilled hackers will sometimes do what’s called ‘spidering’: they’ll comb your social networking pages or blog to make guesses. In fact, if you can remember your password, chances are it’s easily hackable.
Note that combining words, like thisismypassword, used to be a way to outsmart hackers, but these days, those are easy to hack, too.
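As an added illustration (not code from the original article), the following Python script checks a candidate password against the four easy-to-crack categories listed above, undoing the substitution and prefix/suffix tricks crackers expect before looking for a dictionary word, and estimates the worst-case brute-force time at the 8-million-guesses-per-second rate quoted earlier. The word list is a constructed stand-in for a real dictionary.

```python
import re
import string
from typing import List

# Guess rate the article quotes for cracking tools such as Hashcat (illustrative figure).
GUESSES_PER_SECOND = 8_000_000

# Constructed stand-in for a real word list; a real checker would load a full dictionary.
DICTIONARY = {"password", "welcome", "summer", "chicken", "waffles", "dragon", "letmein"}

# The letter-to-number/symbol substitutions the article says crackers already expect.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})

# Standard character classes a brute-force run would have to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)


def de_leet(pw: str) -> str:
    """Undo common substitutions so 'p@$$w0rd' is compared as 'password'."""
    return pw.lower().translate(SUBSTITUTIONS)


def strip_affixes(pw: str) -> str:
    """Remove leading/trailing digits and symbols: the prefix/suffix trick the article describes."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", pw)


def contains_word(text: str) -> bool:
    return any(word in text for word in DICTIONARY)


def weak_reasons(pw: str) -> List[str]:
    """Return which of the article's easy-to-crack categories apply (empty list: none matched)."""
    reasons = []
    if pw.isdigit():
        reasons.append("all numbers")
    if len(pw) < 8:
        reasons.append("fewer than eight characters")
    if contains_word(pw.lower()):
        reasons.append("contains a dictionary word")
    elif contains_word(strip_affixes(de_leet(pw))):
        reasons.append("dictionary word disguised by substitutions or a prefix/suffix")
    return reasons


def charset_size(pw: str) -> int:
    """Size of the combined character classes a cracker would need to cover this password."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))


def brute_force_seconds(pw: str) -> float:
    """Worst case: try every string of this length over that character set at the quoted rate."""
    return charset_size(pw) ** len(pw) / GUESSES_PER_SECOND


if __name__ == "__main__":
    for candidate in ["12345678", "p@$$w0rd!", "Mm'sc&wsatb-iT!"]:
        print(candidate, weak_reasons(candidate), f"{brute_force_seconds(candidate):.0f}s worst case")
```

An eight-digit PIN falls in about 12.5 seconds at that rate, while the abbreviated-sentence style password later in the article matches none of the weak categories.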
So now that you know what you could be up against, here’s how to lock out the hackers.
1. Length and randomness are your friends. A longer password takes more work to hack. When you combine letters and numbers, be sure to include both uppercase and lowercase letters, as well as special characters, because it makes a password tougher to guess. In fact, using a randomizer, like this one from Norton, will create a tough password that doesn’t follow any of the patterns that hackers expect. You can also use a password strength tester to see how your concoction measures up.
2. Storage is key. Can’t remember that password? That’s a good sign—but to make sure your new password isn’t impossible for you to access, store it in a password manager like 1Password, LastPass, or Dashlane. Not only will managers like these log in to sites for you by typing in those complex passwords, but they’ll lock them all behind one master password, making them safe from anyone snooping on your computer.
3. Abbreviate a sentence. If you’d still prefer a password you can remember in the moment (and don’t want to access your password manager every time you need to get into a site), another technique is to make up a sentence and abbreviate it. For instance, “My mom’s chicken and waffles are the best—in Toledo!” could become “Mm’sc&wsatb—iT!” Looks silly, but it works. (Hint: Don’t actually use that one.)
Security questions are meant to help verify who you are if you’ve lost a password. However, it doesn’t take much more than a Google search these days to find out what city you were born in or what your first dog’s name was… and suddenly those questions aren’t very secure. Invent false answers instead—maybe your favorite pizza toppings or movies.
To keep your passwords secure, you’ll need to practice good password hygiene. That means using a new password for each website (according to this study, 73% of us don’t). Otherwise, if one is hacked, then the hacker can try it on another one of your sites, and the virtual door is open to everything you have. You’ll also want to stay updated on major breaches in the media and change your passwords often, or as necessary, to keep your data safe.