Experts: Don't be lazy about passwords

Work, email, banking, shopping – How many passwords do you juggle? How many can you remember?

Computer security experts don't bother with memory. Instead, they use tools to manage multiple passwords which they say keep accounts more secure.

Richard Biever is the chief information security officer at Duke University. He says every single account needs its own password.

"I have three passwords I have memorized out of about 240, and the rest of them, I don't know," Biever said. "What makes a password a good password is length and randomness."

His tactic combines two best practices: a few key passwords plus the use of a password manager to randomize the rest.

Programs and applications like Lastpass, Dashlane and 1 Password come highly recommended.

When a hack happens, Biever points out, it is just the tip of the iceberg. Hackers use the data they collect to see what else they can get into.

"The fact that we reuse passwords plays right into their hands," he said.

Brian Wilson, information security manager at SAS, says he protects more than 1,000 accounts with a password manager and a second step, called two-factor authentication.

That second step requires that a user reply to a text or email message to verify their identity.

"It makes a big difference in security if your password does become compromised because you did reuse it somewhere else," Wilson said "The person can still not get into your account because there's an extra factor that they don't have. They're not going to have your smart phone."

Wilson and Biever also say people need to stop being lazy with passwords. Don't use family names, significant dates and sports teams. Instead of a password, think of a phrase that incorporates letters, numbers and special characters.