Only 19% of website users protect their identities with multiple unique passwords, a survey has revealed.
Although this has improved from 41% three years ago, Sophos said the survey shows many computer users continue to overlook the importance of strong passwords.
The remaining 48% said they had a few different passwords, but did not have a unique password for each online account.
Using the same password for multiple accounts makes it much easier for hackers, said Graham Cluley, senior technology consultant at Sophos.
"Once a password has been compromised, it is only a matter of time before the fraudsters will be able to access other accounts and steal information for gain," he said.
Users should avoid standard dictionary words and common passwords like "admin" or "1234" as these are easy for hackers to crack, said Cluley.
The Conficker worm uses lists of 200 common passwords to attempt to access other computers on the network.
This means if one employee is infected, the whole corporate network could be compromised quickly if strong passwords are not enforced.
Cluley suggests picking a sentence that is easy to remember and using the first letter of every word to make up the password and replacing words like "to" and "for" with numbers.