Roughly 20% of people reuse passwords across multiple sites, and many don’t know the difference between a good password and bad password. You’re smarter than that — you read this newsletter! Remember, using three random words in a password is more secure than selecting random letters and numbers.

Saw this one coming: Cybercriminals are posing as employees of the password manager app LastPass to hack your passwords. It starts with an email from “support@lastpass” about “unauthorized access.” The fake site they send you to grabs your real master password. With all the security incidents at LastPass within the last couple of years, I’m not surprised.

Watch for a new “reset password” attack: Bad guys bombard you with messages to reset your Apple ID and then call you, pretending to be Apple Support. Don’t reset your password, and don’t give out your password over the phone.