Even though most people understand the importance of creating strong passwords, they don't always follow the best practices.

Twitter on Thursday revealed the folly in not creating unique passwords for each account you own when it announced that it had discovered an internal log of unsecured passwords in its computer network. The problem was caused by a network bug and there's no evidence that the unscrambled passwords ever left Twitter's systems, the company said.

But, out of "an abundance of caution," the company has advised all users to change their Twitter passwords, as well as the passwords for every other account that shares the same login info.

More than half of 2,000 people surveyed in the U.S. and Europe have admitted to using the same password for multiple accounts, according to a new study from the password management provider LastPass by LogMeIn. And many say they'll continue to use that password for as long as possible.

In other words, they have no plans to change it until it's expired or—worse—compromised by a data breach.

LastPass says the biggest reason people cite for reusing passwords is fear of forgetting them. But respondents often point to a desire to know and be in control of all passwords, too. 


Cybersecurity experts say that kind of thinking can make you an easy target. Good, protected passwords are your line of defense against cybercriminals. And that defense is becoming increasingly important as the number and size of computer hacks continue to grow.

In just the past year, millions of consumers have been affected by breaches at companies such as Equifax and Uber, not to mention phishing and malware attacks on individuals.

Here are some tips for creating strong passwords and keeping your online accounts safe, along with links to further Consumer Reports resources that will help you do even more.

Go Long and Complicated

While “Password123” may be easy to remember, it’s a disaster when it comes to security. Hackers like to go for the low-hanging fruit and try the obvious options first.

Ideally, a password should be composed of a long string (think at least a dozen characters) of seemingly random upper- and lower-case letters, numbers, and symbols. One of the best and easiest things to do is to create a long password out of an easy-to-remember phrase, then throw in some special characters.

For example: “Th3Qu1ckBr0wnF0xJump$0verTh3LazyD0g”—though it would be better to use a phrase that you make up yourself.

Don't include your name, birthday, or references to other personal details (yes, that means your kids’ personal details, too). Hackers routinely troll Facebook and Twitter for clues to passwords like those.

This same logic applies to smart home devices such as webcams, TVs, toys and even some high-end refrigerators. Many come with default passwords that should be changed the moment you take the product out of the box. There’s no easier password to hack than one you can find in a manual or online.

And don’t forget about your router. According to research done by Symantec, one of the world's largest cybersecurity companies, 37 percent of people haven’t changed their router’s default password.
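The checks described in this section (length, character mix, no default passwords, no personal details) can be written as a short program. This is an added example, not part of the original article; the word lists, the substitution table, the sample names and the function names `normalize` and `check_password` are assumptions made for illustration.

```python
import re

MIN_LENGTH = 12  # "at least a dozen characters"

# Constructed sample list; a real check would load a much larger set
# of common and factory-default passwords.
COMMON_OR_DEFAULT = {"password", "password123", "admin", "12345678", "changeme"}

# Common character swaps. Undoing them shows that "S0phia" still contains "sophia".
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
     "$": "s", "@": "a", "!": "i"}
)
CHARACTER_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def normalize(text):
    """Lower-case the text and undo common character substitutions."""
    return text.lower().translate(SUBSTITUTIONS)


def check_password(password, personal_details=()):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not all(re.search(c, password) for c in CHARACTER_CLASSES):
        problems.append("missing character class")
    norm = normalize(password)
    if norm in {normalize(p) for p in COMMON_OR_DEFAULT}:
        problems.append("common or default")
    for detail in personal_details:
        d = normalize(detail)
        # Ignore very short details to avoid matching by accident.
        if len(d) >= 3 and d in norm:
            problems.append(f"contains personal detail: {detail}")
    return problems


if __name__ == "__main__":
    print(check_password("Password123"))
    print(check_password("Th3Qu1ckBr0wnF0xJump$0verTh3LazyD0g"))
    # Constructed name and year standing in for a family member's details.
    print(check_password("S0phia2011!Rocks", ("Sophia", "2011")))
```

The third call shows why swapping letters for look-alike characters does not hide a name or birth year: both are still found once the substitutions are undone.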

Don't Recycle

Even a tech minimalist has countless passwords these days for everything from bank accounts to Pinterest. That’s a lot to remember, but don’t give in to the temptation to use the same password for multiple accounts or to recycle an old favorite.

More than 1 billion passwords were stolen from Yahoo in a handful of breaches over the past several years. You wouldn’t want that same password to be tied to your credit and bank accounts as well. Hackers routinely test passwords stolen in mega breaches on financial accounts.

If the thought of remembering so many complicated passwords is intimidating, think about using a password manager. Some are free; others cost a few dollars a month.

Services like these generate, retrieve, and provide top-of-the-line passwords for each of your accounts, using super strong encryption to protect them. They’ll also make sure the site you think belongs to your bank actually does, before you hand over your credentials. All you have to do is remember the one password you create for that service.

Fair warning, password manager companies have been hacked in the past, but that doesn't mean user passwords were actually acquired by the bad guys. Overall, many cybersecurity experts say they’re the lesser of many evils.

Always Use Multifactor

Multifactor authentication—which asks users to enter a second form of identification, such as a code texted to a smartphone or a biometric identifier, such as a thumbprint—has become a must.

What multifactor authentication does is make it a lot harder for hackers to access your account, even if they have the password. Its use is standard practice in business, and services including Google, Facebook, and online banking sites offer it as an option, but you often have to turn it on. Yes, this will slow you down a bit, but frequently, it’s enough to make hackers look for another target.

Embrace Change

Did you just toss your toothbrush? Maybe it’s time to change your passwords, too.

The longer a password hangs around, the more likely that it’s been stolen or deciphered by a hacker. And, if a company announces that it’s been hacked and credentials have been stolen, change your password right away, even if it appears your account wasn’t affected. It often takes time for those investigating a hack to determine exactly how bad the fallout is, and breaches are often worse than they first appear.

On a related note, it’s also wise to periodically clean out your digital closets, just like the physical ones in your home. Have an AOL email address you don’t use anymore? A Myspace account? Close them out so you don’t have to worry about them getting hacked. 

Don't Be Too Social

Be careful what you share and who you share it with.

This lesson was driven home by the recent revelation that about 87 million Facebook users had their profile information and "likes" harvested—without permission—by a third-party quiz app. 

If you’re going to post personal details about yourself (or your family), make sure your accounts are locked down and change your privacy settings to restrict your posts to real-life “friends.” Consumer Reports shared tips for protecting your kids’ personal information in a previous story, but here's the short version: The entire world doesn’t need to know where they go to school and when they celebrate their birthdays.

And keep in mind that even if you think you have your account locked down, nothing shared on social media is ever truly private. So, think before you trade your privacy to play a Facebook game or take part in what looks like a harmless quiz.