We’re all creatures of habit. From kissing our teeth to whistling when we’re nervous, everyone has habits that they just can’t kick. Most of the time, these habits are perfectly harmless – if a little annoying. But some can be extremely dangerous, especially in the online world.

You may not know it but the way you use the internet is completely unique, and everyone has their own mixture of quirks which they resort to when surfing the web, purchasing items from eCommerce stores, or entering passwords.

But what if these habits are putting you at risk? In that case, it’s time to kick your dangerous habits. So check off your behavior against these online habits you need to get rid of ASAP.

Password1. Writing down passwords instead of using password managers

Passwords are a pain. To use them properly, each password has to be unique, and sufficiently different to others you use to make cracking them almost impossible. Most people know that, but are too lazy to actually put that advice into action.

Instead, many of us write down important passwords and post them on our wall, or leave them in notebooks next to our computer. And, even worse, it’s not uncommon to carry around shreds of paper with our smartphone or banking passwords.

These are terrible online habits. If someone enters your home and steals your computer, they could easily find your passwords right there waiting for them. And if you leave your coat lying around when you are out and about, it’s easy for thieves to steal your password. Before you know it, your bank account could be empty.

Thankfully, password managers make it fairly easy to juggle multiple unique passwords. Choose a leading app like LastPass or Dashlane, and forget about writing down passwords. It’s just too risky.

Check out our list of Best Password Managers out there.

Log out2. Failing to log out properly

Hands up if you always remember to press the “logout” button of every website you log onto. In any gathering of people, it’s a fair bet that very few hands would appear. That’s because most of us are too lazy to log out properly – whether we’re using PayPal, a Fantasy Football site, or Facebook.

And that can be a huge error. If you’re using public wifi or shared computers, failing to log out ethically can make it simple for malicious actors to take over your session – potentially transferring money or gaining access to your social media networks.

So always make a point of logging out. It’s not an optional extra for people with time to spare. It’s a vital part of staying safe online.

Incognito3. Using public wifi without VPN protection

On a related theme, most of us rely on public wifi but are probably using it recklessly. From coffee shops and restaurants to sports clubs, transport providers, airports, shops, and schools, unsecured wifi is everywhere these days. It’s all too easy to log on and surf the web as if you’re back home behind a firewall.

In reality, public wifi is riddled with security vulnerabilities. In extreme cases, hackers can easily use poorly configured networks to spread malware, incorporate users into botnets, or stage devastating man-in-the-middle attacks. And they can also take over routers, skimming off every packet of data sent by network users.

All of this makes your data very insecure, putting users at risk from identity theft every time they log on. But there is a solution. By installing a high-quality VPN (Virtual Private Network), you can use public wifi with much more confidence.

These apps shield your computer or smartphone behind an encrypted “tunnel.” At the same time, VPN tools anonymize your IP address, making it harder for hackers to find out who you are, and to target your data. So banish those lax wifi habits and tighten up your security: it’s just too risky not to have a VPN on board.

Permissions4. Get serious about app permissions

Almost all smartphone users rely on a portfolio of apps to make the most of their devices. And that’s great. It lets us connect with each other via WhatsApp or Snapchat, take amazing photos via Afterlight, or watch videos with Netflix.

However, apps have a much darker side, and can actually pose a huge risk to your online security. Especially if you aren’t aware of the permissions you grant them.

We’ve all been there: when you download an app and it asks for permission to access your other apps or social media accounts. There’s only so much time in the world, so many of us just click through. But that’s where the damage occurs.

Many apps have been found to use these permissions to inject malware onto smartphones, or to make illicit connections with our social media contacts. And it’s routine for apps to harvest data as we use them – as long as we give them permission to do so.

Apps can’t do any of this unless we grant those abilities (unless you’re using some seriously dodgy software). So it pays to be less permissive and more skeptical when it comes to permissions.

Use VPN5. Putting off those all-important updates

When you’re in the middle of writing an email or watching a movie on Netflix, the last thing you need is a pop-up from your OS developer telling you to update. And when that happens, the knee-jerk reaction is to put updates off for as long as possible.

However, this is another bad online habit that we need to tackle. While incessant update requests can be annoying, they have a vital security purpose. New exploits are constantly being found in Windows and iOS, and developers seek to plug these weaknesses via their updates. So putting them off could put you at risk from malware and viruses.

The same applies (unsurprisingly) to antivirus and antimalware software. These tools are only as effective as the databases they use to ID threats. And if those databases are left without updates, viruses can multiply.

Make a resolution to change your online habits forever

These bad online habits are endemic to web users across the world, and you may only be guilty of one or two. But any of them can lead to some pretty nasty consequences, and all of them can be changed with a little determination and the right counter-measures.

So be sure to download a great VPN and password manager, change the way you download apps, and always log out thoroughly. When you hear about other people falling victim to cybercrime, you’ll be glad you made the effort to boost your own defenses.