
MATT LAUER, co-host:
This morning on TODAY'S CONSUMER PASSWORD--CONSUMER,
password overload. Quick, what's your ATM password? What
about your e-mail account or the password you use to check
into your computer at work? If you can't keep them all
straight, you're not alone.
Automated Voice: Please dial your password.
Unidentified Woman #1 (Consumer): I probably have about 15
to 20 passwords.
Unidentified Man #1 (Consumer): Twenty-five different
passwords.
Unidentified Woman #2 (Consumer): It's kind of crazy that
there's so many passwords for every different Web site.
LAUER: The average person has at least six passwords.
Think about it, online banking, shopping on a Web site and,
in this modern age, their user IDs, single sign-ons, voice
mail access and security system codes. Are we simply
becoming a password nation?
The most common password? Well, according to PC magazine,
it's actually "password." Experts say you shouldn't be
surprised. The brain can only hold a limited amount of
random information in short-term memory.
Dr. GARY SMALL (Director of UCLA Center on Aging): The
trouble is do we really want to spend the mental energy to
remember all these different passwords? I think most of us,
the answer would be no. We want to keep it simple. We
want to make it easy so we can get the job done.
LAUER: Other favorites: 123456, ABC123 and simply
"letmein."
Unidentified Man #2 (Consumer): I have a hard time
remembering all the different things that I need passwords
for.
Unidentified Man #3 (Consumer): It's easier to make just
one password and stick with it for everything.
LAUER: Easier, yes. Safer, no. If you want to protect
against hackers, you better dig a little deeper for that
password.
Mr. RICH DeMURO (Senior Editor, CNET.com): A good password
has a large amount of characters, a combination of numbers,
uppercase and lowercase characters, and some sort of little
special symbol that you throw in there, as well.
LAUER: Have we become a password-obsessed society?
Unidentified Woman #1: I guess it's obsessive. But, I
mean, what else are you supposed to do? I--if you want to
work online in our new world, the most convenient way to do
it is to have passwords.
LAUER: Jim Stickley is a cybercrime expert with
TraceSecurity.
Hey, Jim. Welcome back. Good to see you.
Mr. JIM STICKLEY (Cyber Crime Expert): Morning.
LAUER: Do you mind if I say what you said during that
piece? You said, 'I've broken into so many accounts using
the password "password."' People really do it, don't they?
Mr. STICKLEY: All the time. It's just unbelievable.
LAUER: The temptation is to pick a password, means
something in your life, easy to remember, maybe with a lot
of characters, upper and lowercase, but to use that one
password for everything. Why is it such a bad idea?
Mr. STICKLEY: Well, I mean, if you're at the office, for
example, and I can get your account and I find out just for
some crazy reason what your password is to one account, I
now have access to any other system that you have access
to. It's that simple. If you're online and let's say you
go to eBay and somehow I get that password, well, now I'm
going to immediately go over and check out PayPal and see
if I can use that same password there.
LAUER: But on the other side of the coin, is it really
necessary to have a different password for every single
application these days? Because, you know, between all
these accounts and online shopping and BlackBerrys and--you
can have dozens of them.
Mr. STICKLEY: You can. And it sounds miserable. My
suggestion there would be--is to switch it up a little bit.
Use something that you're comfortable with, something
that's kind of creative, kind of, you know, different. But
then change up a few of the characters for each different
account.
LAUER: How often would you suggest people actually change
their passwords?
Mr. STICKLEY: Oh, every 90 days, at least.
LAUER: All right. And what are the biggest mistakes?
Other than using the word "password," what are the biggest
mistakes people make?
Mr. STICKLEY: They use things like a pet's name or a
family member's name, something that's really simple to
them but that I could also guess really quickly. Also, if
they use something, like, out of the dictionary--let's say
you use the word "triathlon." You go, 'That's really
creative,' but password-cracking software can break that in
about 15 minutes online or on the network.
LAUER: OK, so now we've got--the average person has six
different passwords or at least need for six different
passwords. The question is where do you keep all these
passwords? And one of the tips you recommend is never keep
them on one piece of paper hidden in one location.
Mr. STICKLEY: Absolutely. So many times you flip up a
keyboard and you look underneath and there's people's
passwords written on a Post-it note. You just can't do
that. I mean, worst-case scenario, cell phones now have,
like, those little password vaults, where you just have to
know--
LAUER: Right, Password Keeper.
Mr. STICKLEY: Exactly. You know one password and then
that stores all the other passwords. Make sure that one's
strong, and at least you're on the right track.
LAUER: All right, but be creative, don't be too simple
about it, and change them up every 90 days.
Mr. STICKLEY: At least.
LAUER: All right, Jim Stickley. Jim, always good to have
you here. Thanks very much.
Mr. STICKLEY: Thank you.
LAUER: Good advice.