Every year, there are an estimated twelve million victims of password hacking. Yet not everyone knows what it takes to keep a password truly secure. In honor of World Password Day (May 4, 2018), we’re doing our part to raise awareness about password security and help you protect yourself online.

Password security isn’t exactly an entertaining topic, so we decided to wrap it in something a little more fun—pop culture. To get a better grasp on what people already know about password security, we asked people a mix of password security and pop culture questions in an online survey. The results were disheartening.

We found that people know nearly twice as much about pop culture as they do about password security.

On average, survey respondents got 52.13% of pop culture questions correct but only 29.5% of the password security questions correct. The good news is that by paying just a little more attention to an admittedly boring topic, people could better protect their valuable information online.

So, what do people know and what do they need to learn?

“Who is Kim Kardashian’s husband?” had the most correct answers in the whole survey. About 80% of people knew it’s Kanye West. Perhaps the most surprising part was that male respondents actually got this question right 14% more than women.

Pro Tip: While following the drama of celebrities can be fun, spending a little time to come up with a longer password will pay off more in the end, especially if you’ve got West money to protect. Just don’t follow Kanye’s password security strategy.

Make your passwords as long as you can while still remembering them. Each character you add is one more character a hacker has to get right to break in to your account.

When Justin Timberlake performed at the 2018 Super Bowl Halftime Show, he was also promoting the release of his album, Man of the Woods, hence the odd wildlife wardrobe. But you don’t have to move off the grid and become a “Man of the Woods” to protect your online identity. You just need to stay diligent and be smart about the passwords you choose.

Pro Tip: You can choose stronger passwords like “goosegerbilcoffeeiphonepluto” instead of weaker ones like “Sc#3m@t1c”. These are the examples from the question that 78% of our survey respondents got wrong. Why is the first option stronger? Recent guidelines show substituting numbers or other characters for letters doesn’t make passwords as hard to crack as increasing password length does. Humans may find passwords with multiple symbols harder to guess, but most hackers use software to try to crack your code, which changes the game.

At the beginning of the 2016 NFL season, New England Patriots quarterback Tom Brady served a four-game suspension for his role in the “Deflategate” scandal. Brady was accused of working with a Patriots equipment manager to deflate footballs below the league-allowed minimum, presumably to make them easier to grip and throw.

As part of the investigation, league officials requested access to Brady’s cellphone records. Brady refused to provide those records, showing that even Super Bowl MVPs have personal data on their devices they’d like to keep private.

Pro Tip: Whether you’re under investigation by the NFL or not, changing your password every month won’t improve password security and usually makes it worse.

When you continually come up with new passwords,  you usually end up either keeping them short or writing them down. Both are bad options. Writing down your password may save you some memorization, but it also makes that password highly vulnerable. Instead, choose a strong password that will last you a long time.

More respondents knew Taylor Swift’s lucky number than the most common way to get hacked.

Taylor Swift was born on December 13, 1989. This is part of the origin for Swift’s lucky number— thirteen. Whether our survey respondents knew the reason behind the number or not, more of them knew Swift’s lucky number than the most common way to get hacked.

Coincidentally, the World Wide Web was also born in 1989. People have used the web to hack personal information ever since. The most common strategy used for this nefarious end is called social engineering.

Pro Tip: Most social engineering scams have more in common with old-school cons than they do with high-tech hacking. These scams, like the infamous Nigerian prince email, try to trick people into giving up information or access to information under the guise of needing help or offering some benefit to the victim.

Avoid social engineering scams by following these guidelines:

  • Don’t send money to people you don’t know.
  • Don’t give out personal information on unsecured websites or emails.
  • Don’t let people you don’t know—even delivery men—into your home, office, or apartment building.

There is a new hope! More people knew how to tell if their identity had been stolen than that Jar Jar Binks first appeared in Star Wars: The Phantom Menace.

With World Password Day on May 4 (May the Fourth Be with You), how could we not have a Star Wars reference?

The collective and determined effort by Star Wars fans to forget about the debacle of putting Jar Jar Binks in the first prequel seems to be paying off. This was the one section where people knew more about identity theft than pop culture.

Pro Tip: In case you know more about Jar Jar than you do about identity theft, here are three simple ways to tell if your identity has been stolen.

  1. The IRS tells you the wage amount you reported is different than what your W-2 says.
  2. You get mailed a credit card or a bill for a credit card you never signed up for.
  3. There are charges on your credit card you didn’t make.

Detecting identity theft as quickly as possible can help minimize the damage a person can do when they get your information. Stay vigilant and “May the Fourth Be with You.”

Do you know who to call if your identity is stolen?

We made a few jokes in this article, but identity theft is no laughing matter. Hopefully you’ve learned some good ways to help protect yourself online. The last item from the survey we want to address is what to do if you discover your identity was stolen.

This question had multiple correct answers, and most people were missing at least one of the right answers.

If your identity has been stolen, here are the places you should call as soon as you can.

Call the local police (non-emergency).

You don’t need to call 911, but you should notify police so they can either open an investigation or add your claim to any ongoing fraud investigations. This may help police find the party or parties responsible. You can usually find this number on your city’s website, or in the phone book if you’re oldschool.

Call the Federal Trade Commission. (1-877-FTC-HELP)

The Federal Trade Commission (FTC) handles fraud claims on the federal level. Many fraud cases cross state lines, so they fall under FTC jurisdiction.

Call the fraud department of the companies where your information was stolen.

If you know the website, store, or organization where your information was stolen, contact their fraud department. It may have policies in place to help you and could also have information about what to do next if it has happened there before.

Call your financial institution and all three credit bureaus (Equifax, Experian, and TransUnion).

People often steal another’s identity so they can open a line of credit under the victim’s name and run up a bunch of charges. If this happens to you, it could destroy your credit score.

As soon as you notice your identity has been stolen, let your financial institutions know so they can limit access to your account and stop the scammers from draining you bank account. Also, contact the three credit bureaus, Equifax, Experian, and TransUnion. They can work with you to minimize the effects the fraud has on your credit.

Do Yourself a Favor: Update Your Password

Now that you know a bit more about password security, identity theft, and fraud, you can choose a password that helps protect your personal information online. So maybe the next time you’re Keeping Up with the Kardashians or watching the Super Bowl, you’ll take a minute to think about your online security and won’t just “Shake It Off.”