How many passwords do you have? According to Naked Security, the average person now has 19 online passwords to remember. CESG says it’s 22 (that’s their infographic below).

In any case, that’s a lot of C4p$ and $ymB0ls to keep track of in your already oversaturated, overworked wee brain. (Did I say wee? I meant brilliant.) To help, many of us take the easy route and use the same passwords over and over. Or slight variations of them. CESG says we use the same passwords on 4 sites on average. (We suspect it’s even more.) But as your mother always told you, easy does not equal smart. (Or safe.)

Here are just a few ways your passwords can be usurped when you least expect it:

  • Prying eyes. If you use a public computer, or use your computer in public, smart cybercrims can easily spy over your shoulder. (For reals. Turn around. See that guy in the black shirt? Totally casing you right now.)
  • Unsecured networks. If you’re sending your password over a public or unsecured network, your password can be intercepted without your knowledge.
  • Keyloggers. No, not vital lumberjacks. A keylogger is a device installed to intercept and record passwords when they’re entered on a device. Similar devices have been used on credit card and debit card processing machines at gas stations and retail stores. Sneaky, and effective.
  • Good Guessing. No, we’re not kidding. You’d be surprised how many people use passwords that are some combination of things like their own name, birthdate, pet’s name, child’s name, and so on. (Come on, fess up. You’ve used one of those, haven’t you?)
  • Sheer force of will. Some hackers use automated systems to guess millions of passwords until the correct one is found.
  • Sheer stupidity. Some people leave their passwords on post-its right on their computers. Talk about unsecured.

So what can you do to protect yourself and your passwords?

  • Choose smart passwords (meaning passwords that don’t use the common factors we mentioned above) or better yet use a password generator to create unique, complex passwords.
  • Even better than that, use a centralized password service such as 1Password.
  • Use a VPN to secure your network connections wherever you go – on all your devices. (We use Cloak.)
  • Use unique passwords for online accounts, apps, networks, etc. (This is easy to do with 1Password. As the name suggests, you just have to remember one password, they do the rest.)
  • Don’t store passwords in plain text docs. (Or on post-its. Seriously. What is this, the year 2000?)
  • If you receive a failed login attempt notice, take note! Change your password and alert the application or organization that you may have been hacked.
  • Do an occasional reset—especially if you’re going to keep using manual passwords. If you’ve been using the same password for 5 years, change it up just to be on the safe side.
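To make the "slight variations" and "good guessing" problems above concrete, here is an added example (not part of the original post) that audits a set of your own passwords for reuse-with-tweaks and personal info, then generates a random replacement. The account names, passwords, and personal facts are constructed sample data, and the function names are hypothetical.

```python
import secrets
import string
from collections import defaultdict

# Look-alike swaps people use to "complicate" a word (4 for a, $ for s, ...).
LEET = str.maketrans("4@310$5!7", "aaeiossit")
SYMBOLS = string.digits + string.punctuation

def normalize(password):
    """Reduce a password to its base word so slight variations compare equal."""
    core = password.rstrip(SYMBOLS).lower().translate(LEET)
    return "".join(ch for ch in core if ch.isalpha())

def audit(accounts, personal_facts):
    """Return {site: set of problems} for reuse and guessable personal info."""
    by_base = defaultdict(list)
    for site, pw in accounts.items():
        by_base[normalize(pw) or pw].append(site)
    problems = defaultdict(set)
    for site, pw in accounts.items():
        base = normalize(pw)
        if len(by_base[base or pw]) > 1:
            problems[site].add("reused-or-variation")
        for fact in personal_facts:
            fact_base = normalize(fact)
            raw_hit = bool(fact) and fact.lower() in pw.lower()
            if raw_hit or (len(fact_base) >= 3 and fact_base in base):
                problems[site].add("personal-info")
    return dict(problems)

def generate(length=20):
    """Random password from the OS CSPRNG containing all four character classes."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    while True:
        pw = "".join(secrets.choice(string.ascii_letters + SYMBOLS)
                     for _ in range(length))
        if all(any(ch in cls for ch in pw) for cls in classes):
            return pw

# Constructed sample data: a pet named Fluffy, an owner named Maria born in 1984.
SAMPLE_FACTS = ["Maria", "Fluffy", "1984"]
SAMPLE_ACCOUNTS = {"mail": "Fluffy2019!", "bank": "fluffy#1", "shop": "Fluffy_2020",
                   "forum": "M4ria1984", "vault": "q7#Vt!x9Lp@2ZrWe"}

if __name__ == "__main__":
    for site, found in audit(SAMPLE_ACCOUNTS, SAMPLE_FACTS).items():
        print(site, sorted(found))
    print("replacement:", generate())
```

The three "Fluffy" passwords look different but collapse to the same base word, which is exactly what a guesser tries first.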

Take just a few minutes to protect yourself, and avoid dealing with the fallout of a stolen password later. You know what they say – an ounce of prevention is worth a pound of cure.