In 2014, one JPMorgan employee had his login credentials stolen by a hacker. The result was 83 million individuals and small businesses having their personal information compromised. So how do you keep your passwords safe, sacred, and out of the hands of people who would use them to do you wrong? Here are 9 essential rules for password safety to help keep your system secure.

#1  Take your password seriously

A 2014 survey by BetterBuys revealed that a good hacker with the right software could crack a six-letter password such as “beagle” in 0.29 milliseconds. If you add in your beagle’s birth year and make that password “beagle2006”, the hacker’s time to crack it jumps up to a little more than 10 years. Put a random character in front of the whole thing (#beagle2006) and the time to break it becomes 289,000 years.

#2  Never write your passwords down

Really, NEVER. Passwords should exist in your head. Writing them down gives thieves a precise copy of every website that is important to you and how to access it as well. That’s like having a robber open the front door to find you’ve drawn a map of your home showing them where all the valuable items are kept. If you simply must write them down, write them on a sheet of paper filled with other numbers, letters, and symbols so the average person could not tell which was which.

#3  Avoid easy keyboard combinations

Sure, everyone knows to avoid “abc” and “123” but plenty of people think “asdf” or “qwerty” are so much safer. Those are among some of the first combinations a hacker will try. Do yourself a favorite and think a little higher thinking before you set your password in stone.

#4  Never enter your password on a computer you don’t control

It might be convenient to check your email at the library or the copy store, but you have no idea who has put what malicious program in that system.

#5  Don’t share an account with anyone who isn’t family (for home use) or a coworker (for professional use)

You might think you’re best friends forever, but if a relationship goes south, you can never can tell what another person is going to do with access to your personal information.

#6  Change your passwords every 3-12 months

Some companies are smart enough to install software that forces you to change your password every 90 days. That’s a smart practice for two reasons; it lessens the likelihood of a password getting stolen; and if your password has been compromised, it lowers the number of days a hacker can use it maliciously before it’s changed again. Change all your passwords yearly at least. When you upgrade to a new phone, tablet, laptop, or desktop, you don’t want that piece of technology’s next owner to be able to snoop through your accounts.

#7  Make sure all of your important accounts have different passwords

Imagine a hacker swiping the login and password for your Mastercard. Ten minutes later, they use the same combo to access your Discover Card; then American Express; then your bank account. Using the same password for all your accounts is very convenient and thus, very tempting. But you’re setting yourself up for a doomsday scenario where all of your accounts are compromised at once, and it becomes that much more difficult to lock access and restore them.

#8  Don’t scrimp on your security software

When it’s your personal security at stake, does $50-$75 a year really seem so bad? Make sure you’ve got that software running all the time. Check the list of services to make sure your choice is resilient against malware and keyloggers.

#9  Never enter passwords when you’re using public WiFi

Anytime you’re not at work or your own house, never enter your passwords or visit any personal websites using the free public WiFi. If you have to do this, make sure to use a VPN to guarantee your safety. VPNs encrypt your data through a remote server before sending it on to the Internet and do the same thing over when the websites you visit send information.

The best VPNs

1ExpressVPN

One of the best VPNs for security purposes include ExpressVPN, which has split tunneling and a kill switch, along with a no-logs policy and its own DNS on all servers. Try Now Risk Free

2Private VPN

Private VPN is the pride of Sweden and has remarkable 2048-bit encryption, P2P functionality, port forwarding, and a strict no-logs policy.

3NordVPN

NordVPN has AES 256-bit encryptions, 24/7 customer support, and additional security tools like CyberSec.