Nearly four in five (79 percent) web users admit to using personal information and phrases in passwords, security software firm Check Point has said.
Research by the firm, creator of the ZoneAlarm software, revealed more than a quarter (26 percent) reuse the same passwords email, online banking or social networking accounts while 8 percent claim they copy passwords from online lists of 'good' passwords.
Furthermore, more than 22 percent have had their social networking accounts hacked, and the same amount have experienced email hacking.
"Especially now, with online shopping on the rise this holiday season, consumers need to be aware of the importance of passwords and the fact that hackers are getting more and more sophisticated in cracking them," said Bari Abdul, vice president of consumer sales at Check Point.
"By creating a unique password for each important account, consumers create the first line of defence against online thieves who can't wait to gain access to critical data for financial gain."
Check Point urged web users to use passwords that are at least eight to ten characters long, are a mixture of letters and number and do not contain any personal information such as family names, addresses, birth dates or phone number.