When it comes to online security, your first line of defense is your password. But, unfortunately, there are a lot of misconceptions out there about what a good password actually is. Here are five misconceptions about passwords — and the reality about each one to help you create the most secure accounts possible.

1. FALSE: Passwords have a maximum length.

There’s an idea that passwords have to have a maximum length, but that’s not true. Sites and accounts should hash your passwords and store the hash, not the plain text password, so it shouldn’t matter if it has 100 characters. (Although, obviously, 100 characters might be a pain in the butt for you!)

In general, longer is better when it comes to security because the longer it is, the harder it is to crack.

2. FALSE: Different characters and symbols are more important than length.

Despite what so many sites would have you believe, a combination of different characters and symbols is not more important than the length of your password. Length is absolutely the most important security aspect of passwords — and we’ll go into why in number three.

3. FALSE: You need a variety of different letters, numbers, and symbols for passwords to be secure.

You know how so many sites require that you include a number, a capital letter, some symbols, and your first born child? Those requirements aren’t necessary. They were originally designed so that people would have passwords that are harder to crack, but it turns out people are reusing easier to remember passwords instead — which completely defeats the purpose.

So instead of including a million different things, try a combination of three or more words that are totally unrelated, like “scissors-flamingo-door,” for example. That way you can remember it, but it’s not easy to crack.

Obviously, however, many sites are still using the outdated recommendations. Apply the same rules with those passwords, while still complying with their requirements.

4. FALSE: Passwords can’t include certain things.

There’s a belief that passwords can only include Latin letters and numbers and symbols to be valid, but that’s not true. They can include symbols in or writing in other languages. Theoretically, a password could include an emoji! But most sites won’t let anything outside of the standard Latin keyboard into their passwords.

5. FALSE: Passwords have to be easy to remember.

While it’s a good idea for passwords to be easy to remember if you’re storing them all in your head, you don’t have to keep them all straight there. Instead, use a password manager like LastPass. When you want to sign into a site or an app, all you have to do is open the password manager and it will automatically pull up the password for the account you’re trying to access.

With a password manager, all you have to remember is one key password to open the “vault” that stores all of your passwords. They also usually include password generators, so you don’t even have to come up with secure passwords yourself!

Despite all of their flaws, passwords are still the best way for you to secure your accounts. Don’t fall for these common misconceptions, and your accounts should be as safe as they can be.