"I need a password for my banking online," she said. "I need a password for work. I need a password for my BlackBerry, Yahoo blogs, my AOL email account. I have a password for my Outlook account at work."
At Consumer Reports, 80 percent of the IT department's work involves resetting expired or forgotten passwords. Dean Gallea, who oversees the computer testing, says using a weak password leaves you vulnerable to identify theft.
He said, "A weak password contains information about you that's easy to find out: your name, address, birthday, or some variation of those things."
Using one password for everything is a mistake. If ID thieves get the password to, say, your Amazon account, you could have unintentionally given them access to your bank account. For stronger e-security, three passwords are ideal -- one for financial web sites, another for sites with your personal information, like Facebook, and a third for sites that have no confidential information, like blogging sites.
"Make it easier by starting with something you can remember, like a childhood friend's name, maybe spelled backwards," Gallea advised. "Then add some numbers or symbols to the beginning and end. That way, if you have to write it down, you can just write down the add-ons."
New technology can also help. There are devices that let you scan your finger in order to log on to websites, and certain computers now use facial recognition software to let you log onto the computer.
A new survey from Microsoft found frequent password changes may do very little to improve your security. That's because most of the time, anyone who steals your password will use it immediately.