Most of us use the same basic password across many of our online accounts, making the life of a cybercriminal much easier. If there’s a data breach or hack of one company, a hacker literally has the virtual keys to your online kingdom for any site where your login uses the same email or username and password. I should know because it almost happened to me.

A new Norton study focusing on our mobile use finds that this is so common, we’ve all got to take a moment to evaluate our personal risk of being hacked. Seventy-one percent of the study respondents use the same password across several accounts because “it’s easier to remember.” Almost half never change their password on their email account. Your email address is often the username for many other websites so for anyone trying to gain illegal access, they have half the information needed. And if you use the same password on email as on other sites, a compromised email account could lead to financial ruin.

Another potential risk we saw in our study was that as many of us are adopting geo-location services to “share” our physical location with friends in our social networks or on public websites, we fail to recognize the potential for harm. In this busy holiday season, letting people know you are out at a restaurant or going on a trip, also lets potential thieves know as well. Ok, you say, it’s just going out to my friends on my social network. Take a moment to review your privacy settings. If you limit your location information to “friends”, you may have things limited appropriately. But what if you have your account set to share with “friends of friends.” Think for a moment about your list of friends; does anyone use your social network to promote a business with customers or set their information public? Each lower level of security could mean that a complete stranger could see your party invitation or travel plans. For a real world example, read the story of a couple in Indiana whose home was burglarized after they posted plans on their social network to attend a concert.

The Norton study called “Connected But Careless” also found that just over half of us don’t use the simplest security measure on our smartphones – setting a password on the device. Using the built-in password capability allows you great protection from someone using access on your device to purchase services, send inappropriate messages, install spyware or other malicious applications or simply to make phone calls or take photos without your permission. As your teens head out for their own holiday celebrations, remind them to take this simple precaution and set a password on their phone. Too often, silly moments at parties get recorded with powerful cell phone cameras and voice recorders, leading to permanent embarrassment or worse when they are forwarded or shared on social networking sites.

Our three tips for keeping your holiday mobile use safe and successful are:

1. Protect your mobile phone with a password. Look for applications like Norton’s new Smartphone Security for Android that offer remote lock and data wipe services in addition to blocking installs of malware on your smart phone.
2. Be extremely cautious about logging into your accounts on mobile devices or on WiFi systems you don’t personally manage. Never do your online banking, or even last minute shopping on your mobile device using public WiFi because there is the risk that someone could be eavesdropping on your activity, gaining credit card information or passwords to your accounts.
3. Limit your holiday online shopping to a single credit card. This can help you keep track of spending but also detect fraud more quickly than if you spread your activity over several cards. And if something goes wrong, you’ll only have to call one bank, get one card re-issued and still have the remaining card(s) to work with.

So what almost happened to me with my own online passwords? Recently I created an online account just to enter a comment on a website. When that site was breached by hackers, revealing user email accounts and passwords, my information was among them. Fortunately I don’t use that same password on any important or financial website but I did reuse it on other news sites. Though the risk of harm was low I took the opportunity to revise even those minor accounts, hoping to ensure no harm would occur because of this hack. I’m also using this opportunity to cancel or close out some online accounts I no longer use. Just goes to show that all of us can do better at securing our online lives, even when it makes things more complicated. Fortunately since I use Norton security products, I have a wonderful password manager on my computer, which automatically stores even the most complicated passwords for each online account I use. And the information is securely encrypted on the computer and backed up to a file I keep away from my computer for safekeeping. The feature is Norton Identity Safe. Don’t go online without it!