In honor of #NCSAM, here are some tips for keeping your accounts and devices safe on the web.

1. Don’t reuse passwords. Better yet, use a password manager like LastPass. Why? If someone gets access to your username and password for one account, only that account is vulnerable. But if you reuse passwords, they now have access to multiple accounts. If someone can steal your Pinterest password and then log into your bank account, that’s a problem.

2. Set up two-factor authentication. This is when you use something in addition to a password to log into an account. This helps keep criminals out because they have to know your password and something else to get into your account. The “second factor” is typically a code that you get (from a device, an app, or a text) that you enter after you log in to a site with your username and password. The code is usually time-limited, so you have to enter it within a certain period of time, otherwise you can’t get in.

3. Password-protect your devices. If they get stolen, the criminal can’t access your personal information. Bonus: nosy people also can’t access your information.

4. Close accounts you don’t use. While harder to do and remember, if you’re not logging into an account often, you’re less likely to notice if it gets compromised. Often dormant accounts can have information in them that could be useful for gaining access to another of your more valuable accounts.

5. Keep your important email separate from your junk email. Do this in address at least, if not inbox. Use a separate email address for making throwaway accounts or signing up for newsletters, and another one for more valuable accounts. You can focus on protecting the more valuable account, and share the less valuable email address more widely. Keep linkages between the accounts low.

Tips for your devices.

1. Update software on your device as soon as possible. If you get a software update that contains security updates, install it as soon as possible. Most operating system updates will have security fixes. Turn automatic updating on when possible.

2. Use anti-virus. Still one of the best ways for you to protect yourself against common malware and adware. Keep this updated too.

3. Don’t click on stupid shit. If it looks suspicious, don’t click on it. If it seems too good to be true, don’t click on it. If a popup won’t let you close your browser until you click on it, definitely don’t click on it (force-quit your browser instead).

4. Use an adblocker or block Flash. Use uBlock Origin as an adblocker, or set Adobe Flash Player as click-to-play, or disable it if you don’t watch videos often. Disable or uninstall Shockwave Flash altogether. This protects you from malware distributed through advertising, also called malvertising.

5. Install trusted software. What does it mean to trust software? You’re downloading it from Apple’s App Store, or the Google Play store. Reviews are positive. If it’s a website, it’s the developer’s website or CNET. When you download it, you don’t have to spend five minutes trying to decide which download button is the safe download button.

There are many more tips that I could recommend, but as it is, I only follow half of these—and that’s why I’m posting them here. They are best practices that are hard to keep up with. So start with one, or two, and every few months (or every year, in honor of National Cyber Security Awareness Month) add a few more good habits to your online life.