TODAY | November 24, 2012
>> secure are your online passwords?
>> experts predict there will be more than a billion hacking attempts this year. criminals want to get into things. so we will hopefully help you make your password more sophisticated because your password procedures may not be. here's tom costello.
>> reporter: nancy calls them evil geniuses, the people who hacked into all of her online accounts, deleted everything, including a book she was writing, even changed the name of her pet and sent out e-mails asking for cash.
>> they had sent out more than 10,000 e-mails, anyone i had ever interacted with since the day i had e-mail, received an e-mail, a desperate plea for money.
>> reporter: she admitted she made the most common mistake, all of her passwords were the same. too many of us are use the same user name over and over again. often it's an e- mail address . and then the same password. the most commonly used password is "password." and then the most common are 123456 and very often, "let me in." how hard would bit for a hacker who is already in to get deep sbe into your online life?
>> don't use your pets' name. don't use your high school mascot.
>> the more your social media accounts are linked, the easier for someone to learn enough about you to guess at credit card and other passwords. but the senior writer for wired warns even his 19 character password couldn't stand up to determined hackers. they deleted everything and reset his password.
>> someone could take a little to get into a, use it to get into account b. they're inside your e-mail, inside your bank, they can clean it out.
>> reporter: to guard against that, experts suggest using multiple players of i.d. authentication questions for you or anyone to reset your password, or give fake answers that no one could find anywhere online.
>> for the most critical passwords in your life, bank accounts , maybe your work e-mail, you want to change it every 60 to 90 days .
>> the ultimate password technology uses something only you have, typing rhythms or fingerprint and iris scans but it's only used for the most secure systems.
>> it makes me feel violated, especially when money is involved.
>> reporter: as most of us use decades old password technology against 21st century criminals. for "today," tom costello, nbc news, washington.