A commonly overlooked step to protecting your personal tax and financial data is using strong passwords to protect online accounts and digital devices from data theft.

The Internal Revenue Service, state tax agencies and tax industry remind taxpayers that using strong passwords and keeping them secure are critical steps to preventing thieves from stealing identities or money. This is just one of a series of tips offered this week as part of the National Tax Security Awareness Week.

In recent years, cybersecurity experts’ recommendations on what constitutes a strong password has changed. They now suggest that people use word phrases that are easy to remember rather than random letters, characters and numbers that cannot be easily recalled. A new example: SomethingYouCanRemember@30.

Protecting access to digital devices is so critical that some are now using fingerprint or facial recognition technology. But if you are still using password protections, consider these tips to protect devices or online accounts.

Use a minimum of eight characters; longer is better.
• Use a combination of letters, numbers and symbols, i.e., XYZ, 567, !@#.
• Avoid personal information or common passwords; opt for phrases.
• Change default/temporary passwords that come with accounts or devices.
• Do not reuse passwords, e.g., changing Bgood!17 to Bgood!18 is not good enough; use unique usernames and passwords for accounts and devices.
• Do not use email addresses as usernames, if that is an option.
• Store any password list in a secure location, such as a safe or locked file cabinet.
• Do not disclose passwords to anyone for any reason.
• Use a password manager program to track passwords if you have numerous accounts.

Whenever it is an option for a password-protected account, users also should opt for a multi-factor authentication process. Many email providers, financial institutions and social media sties now offer customers two-factor authentication protections, which adds an extra layer of protection for your accounts.