Do you use the same password everywhere online? You’re not alone. 55% of people use the same password for most, if not all, websites. It seems innocent enough, but it’s a bad practice, and could cause you irreparable harm down the line if you don’t change your ways.

Why? once that password is compromised on a single site, hackers can, and will typically try that same login information at countless other sites. You may use a certain login for Ebay – someone hacks that account. No big deal right? You contact Ebay and get it figured out. All good? If you use the same credentials for your online banking account, you could be in for a world of hurt.

So how do you protect yourself? For starters, use a different, difficult password for each online account you have. Don’t use simple phrases or dictionary words. Well how am I supposed to remember all these passwords? You could put together an excel spreadsheet and store all your passwords there. But what if someone gets into your computer and accesses your password spreadsheet? Yeah, no good either.

Your best option is to use password management software – for this article, we’ll discuss Lastpass, It works almost like having a spreadsheet of hard to guess passwords, but stores the data more securely. You only have to remember one, difficult password to access your “Vault” and you can store, and use strong passwords for all your online accounts. It’s available as an app on your smartphone, and as a plugin for most major browsers, so you can login to your bank of america account, simply by clicking on your login box, and selecting your stored bank of america password.

Using Lastpass, you can generate long, difficult to guess passwords that you’d never remember in your mind, such as “VifmJ*7rf3woTwO893” – which would take a modern computer about 7 Quadrillion Years to guess.

Ok, so you’ve downloaded lastpass, changed all your passwords to stronger versions, but what about the master password to your lastpass vault? What if someone guesses or breaks into it? It’s entirely possible.

To guard against that threat, we’re going to introduce two-factor security. What does that mean exactly? It means you really need two passwords to login to your account, the “Master Password” that you’ve explicitly set, and a second “Token” or one-time-use password generated by a physical device, which you absolutely must have present in order to access the account.

In comes the Yubikey. Yubikey is a small device, similar to a USB Thumb Drive, you can keep it on your keys, and has a small button on the outside.  When plugged into a computer, it acts as a keyboard. When you press the button, it fires off a single-use password that only the device is capable of generating.

When used with Lastpass, even if someone uncovers the password for the account, they still can’t get in without the randomly generated code that the yubikey provides.

Additionally, you can enable two-factor authentication to add security to your existing online accounts from Google, Facebook, Salesforce and Dropbox.

So think about it as a small insurance policy. A couple bucks a month to protect yourself from hackers online.

Yubikey is available online from several retailers for about $40

Lastpass is available for $2/month for individuals and $4/month for families (up to 6 users)