When a website asks for a new password, your first impulse may be to keep it simple so it’s easy to remember—or to reuse previous passwords.

Both decisions can leave your identity more susceptible to hackers. Passwords that are easy to remember are also easy for others to guess. Using the same password across accounts makes them all vulnerable, says Gopal Padinjaruveetil, chief information security officer for AAA, who teaches people how to protect their digital identities.

“Passwords should be protected because they are the core of our digital identity,” he says. “Making sure you have a strong password is essential to help prevent identity theft.”

Here are Padinjaruveetil’s tips for creating a strong password:

1. Use a passphrase

The more characters in your password, the harder it is for hackers to guess. Using song lyrics or movie dialogue—but not a phrase that is too common—with a mix of letters, numbers and symbols is a good practice. Avoid using personal information that’s easy to guess, such as your spouse’s, children’s or pet’s name, or the name of the platform (for example, using “Facebook” as part of your Facebook passphrase).

Pro tip: If you know another language, use words from it in your passphrase.

It may be difficult to have a different passphrase for every account, but it’s best to avoid repeating passphrases. If one is stolen, your logins on other sites are compromised as well. At the very least, keep passphrases for your most vital accounts (such as your bank or insurance provider) unique.

Get a dose of reality about identity theft with these myths and tips.

Read the Story

In addition to a passphrase, two-factor authentication requires a second piece of proof to verify your identity, such as responding to a text message. This helps ensure no one can access your account, even if they have your passphrase.

Smartphones increasingly are relying on fingerprints and other biometrics as a substitute for passwords. Since the trend is still new—and there are related security concerns—do your homework before diving in.

Consider, for example, where your biometrics will be stored. Will they only be on your device (which is preferred), or will they also be on a server, which could be accessed by thieves? “If these are not protected, there is a big risk,” Padinjaruveetil says. “You can get a new password—you can’t get a new fingerprint.”

Your Partner in Protection

While using strong passphrases is important, there’s more you can do to protect your identity—and it’s easy. Your AAA Membership gives you free access to ProtectMyID® Essential for daily credit monitoring, lost-wallet protection and fraud resolution support. For a higher level of protection, upgrade to ProtectMyID Platinum.

Keep reading in: