Passwords are our first line of defense online, and the sad truth is most of us just aren’t very good at creating strong ones. We use the same weak passwords over and over again, despite knowing better.

And between high-profile data breaches, phishing schemes and brute-force password cracking apps for hackers, there’s no shortage of ways to break into someone’s account. Tap or click here for 5 sneaky tricks criminals use and ways you can fight back.

In fact, tech companies know how sloppy users are with passwords, and they’re developing harder-to-hack ways to secure accounts. Some believe biometric passwords will be the norm in the future, which means your physical body will be used to identify you. Are biometrics the best way to lock down your smartphone? Tap or click to compare PINs, passwords, facial recognition and fingerprints.

In the meantime, you need to up your password game. Take a hard look at your online accounts and follow these ground rules to keep yours protected.

Rule #1: Use all the characters — no exceptions

Show of hands: Who here among us has opted for a simple, easy to remember password? You’d be shocked at how many people have chosen to use a simple passcode like “baseball,” “123456,” or worst of all, “password” when creating an online account at some point or another.

We all have numerous accounts online, so going with the least point of resistance can help us create multiple phrases that are easy to remember. Anything beyond is a struggle to come up with and even harder to remember.

Start the day smarter. Get all the tech news and trusted digital advice you need in your inbox each morning.

Unfortunately, these simple passwords are also the easiest to hack. Entire databases exist of the most commonly used passwords on the web, and you can bet hackers are keen on this subject as well. Those are some of the phrases they try first when they attempt to brute-force an account open.

Is your personal info for sale on the Dark Web? Tap or click here to find out just how much cybercriminals are willing to pay for your Gmail password, credit card data and Social Security number.

For a more successful password, create one using a complex combination of letters, numbers and alternating capitalization. A phrase like “Bingo123” would be much better off as “biNg01789.” As you can see, the casing is alternated among the letters and the numbers no longer follow an exact sequence.

The more “random” or complex your password appears, the harder it will be to guess. And, naturally, using a more diverse palette of characters gives hackers more chances to fail when guessing your code. Don’t make the job easy for them!

Rule #2: Go big

You should also stay away from using an ordinary word as the basis of your password. This is simply due to the fact that words usually contain fewer characters. Additionally, algorithm-based password crackers are getting progressively better at figuring out individual words found in most passwords.

To get around this, go bigger. While a full sentence as a password might seem unfeasible, if you think about it a sentence is a string of consecutive words — perfect for abbreviation into an unrecognizable phrase.

TECH HOW-TO: Your phone is filled with photos, and cleaning them up isn’t as hard as you might think. Tap or click for 3 steps to organize your messy photo collection.

Here’s an example: Let’s say your favorite baseball team is the Cubs. If you’re a Cubs fan, there’s no way you’d forget their stunning World Series Victory in 2016. So, to remember your code, take the phrase “Cubs won the world series in 2016” and abbreviate it to “cwtwsi2016.”

Substitute some characters and cases and you’ll have “cwTw$i2016” — a far more complex password that is not only hard to guess, but easy for you to remember. Struggling to come up with these on your own? Tap or click to try a random password generator.

Try it with a phrase you won’t easily forget, and coming up with a sophisticated password becomes far more simple. You could also create a full-fledged passphrase, where you keep the phrase mostly intact, but replace certain letters and numbers with other characters and alternate between capital and lowercase. For instance, cUb$W1nW0rLd$3r13$1etNzOI6.

Rule #3: Set up extra protection

Of course, no account security is complete without fully deployed two-factor authentication (2FA). This handy security method has been around for some time now and revolves around using an additional form of identification in order to access your account. Most commonly, the platform will ask for your cell phone number, and you’ll verify your login attempt with a code the platform texts you.

This is a strong strategy for several reasons. First and foremost, it ties your account access to something only you possess — meaning only you or someone with access to your phone will even have the ability to get in. Second, you’ll be informed of any unauthorized login attempts right off the bat.

RELATED: Without two-factor authentication, hackers can take over smart home devices, including your home’s security system. Talk about scary. Tap or click here to learn what can happen if your accounts aren’t set up properly.

Most importantly, 2FA adds an additional step that most career hackers won’t even attempt to bother with. It’s too much hassle, and far beyond the abilities of any automated programs or brute force hacker-apps that might help crack your code.

Rule #4: Think outside the box

This is a struggle for many people, and understandably so. On average, people usually have at least one social network they’re a part of, a bank that they frequently access, service accounts for utilities, cloud storage and app store passwords, and several more accounts for their online activities.

Trying to remember more than one password is enough to make your brain hurt, which is why people tend to take the easy way out and just stretch the same password across multiple accounts. Sadly, this isn’t an option in today’s digital world. Hackers know how common of a mistake this mode of thinking is, and bank on it to reap their undeserved profits.

Usually, when a hacker guesses or cracks a password correctly, they attempt to use it on multiple platforms just to see if it’s likely to work and unfortunately, it’s all-too-common for their efforts to be successful. By using different passwords and passphrases across multiple platforms, you’re making a hacker’s work much more difficult. You will prevent a domino effect from occurring in the event of a breach, and are ultimately being more responsible with your data over taking the easy way out.

PRACTICAL TECH TIP: Need to record a call on your iPhone or Android? Tap or click here to learn how.

Here’s something else you might not have considered: When setting up an online account at countless sites, many will make you fill out answers to a series of security questions as an added layer of protection. There’s a problem with that method, however, because it’s not difficult for a hacker to get their hands on that information. It could be as simple as checking out your social media profiles to get those answers and access your accounts.

To lessen the risk, the answer is simple: lie. Don’t answer the security questions truthfully during the account creation process, and it’ll make it that much harder for a cybercriminal to crack. Were you born in Arizona? Answer the security question with something like North Carolina. Did you have a dog named Fred growing up? Instead, say you had a cat named Sparkles. Just remember that this security measure can backfire if you don’t remember your fake answers.

Since hackers work hard, it’s our job to work harder in the creation of diverse, strong passwords, passphrases and security questions. It’s too bad remembering them all can be a pain, but that brings us to our next rule.

Rule #5: Let a service do the work for you

A password manager is one of the biggest essentials for modern internet users. By using one, you’re putting your passwords under encryption, which helps keep them safe. Tap or click here to learn about one of my favorite options, KeePass.

Keep in mind, though, this is different than using your browser (like Chrome) to store your passwords. Browsers are still vulnerable to hacking and compromise, but a secure password manager gives you the upper hand against cybercriminals.

Of course, you’ll still need to remember a password in order to access your manager. Thankfully, though, this may be the last password you’ll need to remember at all. Just make sure it’s stored somewhere highly secure, like on a scrap of physical paper in your desk or in a special notebook.

BONUS TIP FOR EXTRA KNOW-HOW: The biggest mistake people make when signing up for streaming services

New to the world of streaming TV? If so, congrats on ridding yourself of your overpriced cable bill. You now have the freedom to pick and choose the channels you want without the extra charges cable companies like to add.

Millions have chosen streaming services as an alternative to cable, and recent studies indicate streaming will be in 25% of U.S. homes come 2022.

As you subscribe to your favorite streaming services, remember not to make this jumbo-sized mistake that can leave you with extra charges. Here’s how you can start on the right foot.

Tap or click here for this game-changing, money-saving trick.

What digital lifestyle questions do you have? Call Kim’s national radio show and tap or click here to find it on your local radio station . You can listen to or watch the Kim Komando Show on your phone, tablet, television or computer. Or tap or click here for Kim’s free podcasts.

Copyright 2020, WestStar Multimedia Entertainment. All rights reserved.