VANCOUVER -- Did you know, according to Dashlane, the average user has about 90 online accounts? That’s a lot of passwords to manage.

Multiple data breaches have exposed billions of passwords and email addresses and have given hackers and thieves the necessary tools to leverage that information against you.

All those passwords and email addresses are often shared and sold on the dark web. That’s why it’s so important to regularly change your passwords.

“Most of the people reuse passwords, so most likely if they are a regular user and they have one set of passwords from one site, that password is most likely going to be reused on all sites,” said Doug Santos, a security strategist for Fortiguard.

And avoid passwords that contain any personal information.

“Those things are so easy to guess, especially for people in my generation that are so invested in social media and you can just creep anyone and go okay there’s your cousin, there’s your dad, there’s your car, there’s your pet,” said Sara, an online user in her 20’s, who stopped to talk to CTV News Vancouver about how she locks down her data.

Some passwords tips from experts include:

- Never use personal data in a password like, a pet’s name, birthdate, or family names

- Don’t reuse passwords

- Don’t recycle passwords by just modifying it by adding a letter or number.

According to Tech Insider, an 11 character password can be cracked by hackers in three days by using a computer program that can make 1,000 guesses per second; while a 25 character pass phrase can take up to 550 years to crack, using the same system.

“Oh wow,” said Akash, another young man who has multiple online accounts.

When choosing a pass phrase, try to come up with random words that only you can remember and then string them together to create something as long as 25 characters or more.

However, your online account may limit the number of characters you can use, so follow the instructions to include as many special characters, numbers, and capitalized letters as you can. Better yet, it’s recommended to use a password manager to help store and create strong passwords for you.

You can also set up two factor authentication for your online accounts. That requires you to receive a special verification via email or text. Some people have also switched to using authentication apps which have proven even more secure. They are software or hardware based and linked to a device you own. They have proven more difficult to intercept than a text message. Check with your online account to see if they are supported.

And make sure you are running an anti-virus program and take the time to manage your online data. It’s important to delete accounts you are no longer using. However, some providers make it difficult to delete an account, if they even allow you to do it at all. So, make sure you delete any personal data from online accounts you aren’t using and can’t delete, so even if it’s hacked, nothing valuable can be used against you.

It will take some time, but once you’re on top of it, it will become easier if you make data and password management part of your regular routine.

This story has been previously published June, 2019