Nearly four in five (79 percent) web users admit to using personal information and phrases in passwords, says Check Point.
Research by the security firm, which created the ZoneAlarm software, revealed more than a quarter (26 percent) reuse the same passwords for email, online banking or social networking accounts, while 8 percent claim they copy passwords from online lists of 'good' passwords.
Furthermore, more than 22 percent have had their social networking accounts hacked, and the same amount have experienced email hacking.
"Especially now, with online shopping on the rise this holiday season, consumers need to be aware of the importance of passwords and the fact that hackers are getting more and more sophisticated in cracking them," said Bari Abdul, vice-president of consumer sales at Check Point.
"By creating a unique password for each important account, consumers create the first line of defence against online thieves who can't wait to gain access to critical data for financial gain."
Check Point urged web users to use passwords that are at least eight to ten characters long, are a mixture of letters and numbers, and do not contain any personal information such as family names, addresses, birth dates or phone number.