By Ian Bush, Melony Roy

PHILADELPHIA (CBS) — Your online life is under assault. You know this all too well if you’ve gotten word from Yahoo, LinkedIn, Tumblr, eBay, MySpace (and on and on) that your account has been breached.

So, let’s look at best practices for passwords. Using ‘1234567’ is unsafe. ‘Dadada’ — that’s how Facebook CEO Mark Zuckerberg got hacked.

“When the criminals get your password, they’re going to go and try all the popular services, the popular financial brands, and they’re going to try that same password that you have across all of those accounts.”

Tip #1, from Drexel University cybersecurity expert Rob D’Ovidio: don’t use the same login for more than one account.

“A strong password has a combination of letters, numbers, using capital letters interchanged with lower case letters,” D’Ovidio said. “And — if the account services allow — using some special characters.”

Now, if you’re like me, you’ll bristle at the thought of doing that — how do you remember all these passwords without writing them down?

That’s where a password manager, like Dashlane, LastPass, or 1Password, can help. They create very hard-to-crack credentials, and make it painless to access your accounts using an app or browser extension — just make sure to keep the software updated.

Your best shot at a secure online life combines something you know — your password — with something you have, like your phone.

Sign into a site, and you’ll get a text message telling you to type in a code.

Most email, banking, and shopping apps and websites offer that two-factor authentication. If yours doesn’t, ask why they don’t value your security — and consider switching.
