Proper password creation and protection are by far the most important parts of personal cyber security. A hacker with access to your login creden ials can pretty much steal your online identity. In fact, the Verizon 2016 Data Breach Investigations Report found that 63 percent of observed hacks originated from poor password control.

So, what kinds of mistakes do you need to avoid if you want to keep your information safe?

1. Not using capital letters, numbers and symbols

This is probably the most common mistake users make when it comes to password creation. People want to keep their phrases simple so they can remember them, and in doing so they set themselves up for failure. This is because cyber criminals have tools that can automatically guess passwords, and only using lowercase letters will enable such a program to find your phrase incredibly quickly.

Therefore, it’s imperative that you rely on both lowercase and uppercase letters, as well as numbers and symbols.

2. Using dictionary words

Another major issue a lot of people don’t know about is the usage of dictionary words. Again, this has to do with the kinds of tools that hackers have at their disposal. A robust password cracking program will basically run through a dictionary in order to unlock your account.

In fact, the University of Chicago stated that even using a misspelling of a word – such as using an “@” symbol rather than an “a” – can lead to a data breach.

3. Relying on information that can be found online

Outside the realm of a program cracking your password, hackers also often rely on the information you post online in order to access your accounts. Your child may be the center of your universe, but they’re also the center of your Facebook timeline. Using his or her name in your password followed by their birth year is a surefire way of letting an ambitious hacker in.

Hackers know how much you think of your child, especially when you’re creating a new password.

4. Writing them down or storing them unencrypted

In order to meet all of these requirements so far, you’ll probably have to create a long string of numbers, symbols and both upper and lowercase letters. While this will certainly keep a hacker from figuring your password out on his own, you now have the issue of having to remember the phrase.

Many people decide to fix this by writing it down or storing it unencrypted on their device. However, this simply creates another problem. Keeping your password list on your computer or phone means that anyone who gains access to it – through theft or more complex digital means – now has complete control over all of your accounts. A paper list is even worse, especially if it isn’t kept in a secure place. Even sticking a Post-it note with your password on your monitor at work could result in a major data breach.

There are two actions you can take to avoid these scenarios: First, try to make complex passwords that you can actually remember. Something as simple as using the first letters from the first line of a poem your significant other wrote for you, followed by a few random numbers, is more than enough to stay secure and while keeping your unique password fresh in your mind.

The other action here is to utilize a password manager. These services encrypt your phrases and store them, ensuring that you don’t have to remember your login credentials for each account. There are many choices out there, but one of the best free options is Dashlane.

5. Giving up login credentials in a phishing scam

You could have the strongest, most complex password in the world, but it wouldn’t matter if a hacker was able to successfully leverage a phishing scam against you. These campaigns often involve the cyber criminal doing what he can to trick you into believing he is a legitimate source over email, generally something like a bank or online vendor. Once you’re lured in, he finds a way to ask you for your password or other login credentials. Before you know it, you’ve been hacked.

While these messages are often extremely realistic, we’ve previously written on how to pick out a phishing email. Another way to help ensure you don’t fall victim to these kinds of scams is to invest in robust cyber security software. These products often have anti-phishing tools that can help you avoid the scam before it even starts.