Researchers say most of us use the same password for everything, and we use common ones like "welcome" or "password," which is not very secure. But how are you supposed to remember all those combinations of letters and numbers? Well, now there's a way to use hundreds of passwords without having to remember a single one.
The last time we saw Eva Alkana, she'd just fallen for an Internet phishing scam. Someone pretending to be from Norton Internet Security actually took over her computer.
"She said, 'Oh, good, give me your credit card number,' and I did," she said.
The scammers also got her username and password. Experts say that could do more damage than anything.
"They get the list of usernames and passwords and then they go and start trying those on Bank of America, on Gmail," Electronic Frontier Foundation spokesperson Seth Schoen said.
Schoen studies Internet scams. He says predators who get your username and password from one site will try the same log-in to break into all your other accounts.
"This happens every day because people are re-using account names and passwords from one site to another," Schoen said.
The way to foil the con artists? Use a completely different password for every single account -- no matter how small.
"And so people say, 'Well, I couldn't possibly remember a different password for every site,'" Schoen said.
It's no easy trick. Schoen points out most consumers have dozens of Internet accounts -- everything from email to Facebook, Twitter, shopping and bill pay. Schoen has 200 online accounts.
"People say, 'I use 100 different websites, how can I remember 100 different passwords?' And I say the modern answer to this is to use the thing called password safe," Schoen said.
Schoen says there is a solution: virtual "lockboxes" for your passwords. He uses a free download called KeePass. It remembers all your passwords for you.
Schoen shows us how it works. He enters his Facebook account into KeePass and then types a string of gibberish for a password. Schoen doesn't even know what the password is. He simply copies and pastes it to log in. All he needs to remember is one master password which he creates to access his lockbox. He says that word should be impossible to guess.
"One very secure password that you've really got to make un-guessable and you've really got to remember it," Schoen said.
He recommends stringing together four or five unrelated words.
To ensure security, no one can reset the master password. So if you forget it, you lose access to all your accounts.
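The routine Schoen describes (a different random password for every account, plus one master passphrase of four or five unrelated words) can be sketched in Python. This is an added example, not code from the article or from KeePass. The function names, the 32-word list and the sample vault are constructed for illustration, and a real word list should hold thousands of words.

```python
import math
import secrets
import string
from collections import defaultdict

# Constructed 32-word sample list; a real list should hold thousands of words.
WORDS = ("anchor basil candle dolphin ember falcon garnet harbor igloo jacket "
         "kettle lantern marble nectar orbit pepper quartz ribbon saddle tulip "
         "umbrella velvet walnut xylophone yogurt zipper acorn bucket cactus "
         "domino easel fiddle").split()

# Constructed vault contents: account name -> password (sample values only).
SAMPLE_VAULT = {"email": "welcome", "bank": "welcome",
                "shopping": "password", "social": "t7#Qm!vLx2"}

def find_reused(vault):
    """Return sorted account groups sharing one password (the reuse risk)."""
    groups = defaultdict(list)
    for account, password in vault.items():
        groups[password].append(account)
    return sorted(sorted(accts) for accts in groups.values() if len(accts) > 1)

def site_password(length=20):
    """Random 'gibberish' password for one site, drawn from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(list_size, n_words):
    """Bits of entropy when each word is picked uniformly and independently."""
    return n_words * math.log2(list_size)

def master_passphrase(words, n_words=5):
    """Pick n_words unrelated words at random; return (phrase, entropy bits)."""
    unique = sorted({w.strip().lower() for w in words if w.strip()})
    if n_words < 4 or len(unique) < 2:
        raise ValueError("need at least four words and a non-trivial word list")
    picked = [secrets.choice(unique) for _ in range(n_words)]
    return " ".join(picked), entropy_bits(len(unique), n_words)

def rotate(vault):
    """Give every account its own fresh random password."""
    return {account: site_password() for account in vault}

if __name__ == "__main__":
    print("reused:", find_reused(SAMPLE_VAULT))
    print("after rotation:", find_reused(rotate(SAMPLE_VAULT)))
    phrase, bits = master_passphrase(WORDS)
    print(f"{phrase}  (~{bits:.0f} bits from this small sample list)")
```

With the tiny sample list, five words give only about 25 bits of entropy; the same five words drawn from a 7,776-word list give about 64.6 bits, which is why the size of the list matters as much as the number of words.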
Schoen says consumers like Eva Alkana should change all their passwords. She did that right away, but still worries about predators.