russia hacking
A man types on a computer keyboard in Warsaw in this Feb. 28, 2013, illustration file picture. REUTERS/KACPER PEMPEL

We all know the feeling of checking your email and seeing an ominous subject line warning that one of your accounts may have been compromised. Yahoo had a massive hack that impacted 1 billion users in 2016, last summer many celebrities were the victims of Twitter account hackings, even the Democratic National Convention was hacked.

Most recently a Cloudflare breach prompted consumers with Uber and Fitbit accounts (as well as more than 5.5 million other sites) to scramble to change their passwords.

So how can you protect yourself against one of these attacks and how do you know if your password is secure? If a company holding your personal information (including passwords) is hacked, one of the only things you can do is change your password immediately. Ideally any company holding your personal information has the highest security possible, but that’s not always the case. So in the event of a hack you want to make sure you’re as prepared as you can be.

How to change your Uber password:

If you know your Uber password the process is simple : go to “settings” in the app menu, tap the bar that shows user info, select your password as the info you want to edit, enter your current password and create a new one that is at least five characters long.

If you don’t know your password, the process is a little different. You’ll have to either visit Uber’s site, or choose “forgot password” on the sign in page of the app. You should get an email to the account associated with Uber with a link to change your password.

When you do reset a password, make sure the new one you create it strong. One of the best defenses against a hack is a strong password.

What Is A Strong Password? How To Create One?

To start, don’t use the word “password” or any variation of it. There is hacking software that can substitute letters for symbols like “@” and “$” so using those in place of the letters “a” and “s” won’t protect you as much as you may think.

If you’re using symbols as part of your password though, you’re on the right track. The more irregular characters you include the more difficult it will be for a person—or a software—to crack your password.

Avoid using words that have anything to do with your username, name, birth date or that you’ve used before.

Some companies or sites require that you use a certain number of these character when signing up. Apple requires its users create passwords that are eight or more characters in length, include at least one number and have lower and upper case letters that don’t include their Apple ID or any password they’ve used in the last year. They also encourage the use of special characters like punctuation or symbols.

But other companies like Google only require passwords to be at least eight characters long, anything else you add is up to you.

The strongest passwords usually meet Apple’s standards. More than eight characters, a combination of upper and lowercase letters and numbers or symbols. When in doubt about the strength of your new password, you can use an online password checker. But if you’re worried about putting your new password into a site, just use the guidelines above.

You don’t have to change your password frequently:

The Federal Trade Commission advises only changing your password when you believe its been stolen or compromised. Their reasoning? A study out of the University of North Carolina Chapel Hill found that hackers have an easier time cracking a previous password, and then can test variations of the previous password to guess the current one.

What’s two-step verification?

Many mail servers have added the option of two-step verification as an extra layer of protection. If you choose to enable two-step verification, you’ll get a text or call when there’s an attempted login from a new device containing a code you’ll have to input on that new device. The idea is that if someone gets your password and tries to use it on something other than your devices, they won’t be able to get the verification code to complete the login.