While nearly all respondents in a recent survey were aware of the risks associated with poor password hygiene, most people don’t appear to be doing enough to keep attackers at bay, the third installment of the LastPass Psychology of Passwords Report has revealed.

As many as 9 in 10 respondents surveyed by the password manager purveyor acknowledged knowing that recycling the same password or using a variation of it across multiple account was risky. Still, two-thirds used the same password or a derivate for all their online accounts, which is actually an increase of 8 percentage points from the survey conducted in 2018. The new edition of the survey took place in March of this year and canvassed opinions from 3,250 people on various continents.

The report also reveals that 53% of respondents haven’t changed their password in the last year even after they heard about a breach in the news. Also, 4 in 10 people believe that having an easy-to-remember password is more important than a secure password. Apparently some take it a bit too far, since studies have shown that year after year, passwords such as “12345”, “123456” and “123456789” top the lists of the most popular passwords.

One of the reasons people don’t apply proper password hygiene is that they underestimate the risk. In fact, 4 in 10 think that their accounts aren’t worth the hacking effort. One thing to remember is that everyone is a target. Your information can be part of a breach that involves millions of stolen credentials. That data can then be used to piece together other information, since if you recycle your passwords, bad actors can gain access to other services, including your online banking.

RELATED READING: How to spot if your password was stolen in a security breach

Speaking of which, almost three-quarters of respondents concurred that financial accounts need extra protection. About half said that email accounts needed stronger passwords since those are usually at the center of people’s digital identities and can contain tons of exploitable data. A third considers medical records sensitive enough to require protection by stronger passwords as well.

Luckily, most respondents realize that there are additional steps they can take to secure their accounts, such as multi-factor authentication (MFA). Only 1 in 5 wasn’t aware of what MFA was, while over a half said that they use it to secure their personal accounts and 37% use it at work.

To sum it up, you should avoid creating simple passwords and recycling them across accounts – two of the common password mistakes people make. Instead, opt for long passphrases, consider using a password manager and add that extra protection layer with MFA, whenever available.