We hear it so often it sounds like a broken record. Change your passwords to something no one could guess, and change them frequently. We hear horror stories about people who've had their identities stolen through weak passwords, but still most people are whistling past the graveyard of bad passwords and the bad things that can happen.

I stopped a woman at the park and asked her how many passwords she uses for all the online accounts she uses such as Facebook, email and credit card companies.

"How many passwords do you use?," I asked. "One."

Kelley Darnell is like most internet users. Many accounts, but only one password. Actually, she has fewer than 1 password if you count her husband. actually, it's less than one.

"We have the same password for everything," she laughed

But like many other people Darnell isn't worried, nor were the other people I talked to. Here's why, according to them.

"I don't have a lot of stuff they can take. Don't have a lot of money so they wouldn't get very far."

Make no mistake, bad guys want whatever they can get. Last year Yahoo said a state sponsored hacker group gained access to 500 million user accounts. They stole names, email addresses, phone numbers, date of birth. Enough information to steal someone's identity. The same thing happened with Target and eBay.

That information is bought and sold on the dark web where bad guys use them to create credit and debit cards, drivers licenses and even passports. All made easy because of weak passwords. Hackers know, if they can get one of yours, they'll likely have passwords for all accounts, unless you've got separate passwords for each account and you change them from time to time.

What makes a great password? 13 characters, a mixture of lower and uppercase letters, a number and special symbol, and no common words. Here's what Darnell says to that: "There's no way to remember it all."

No one can. So use a password app like "One Password" or "Last Pass". These apps create impossible passwords for each account, but all you have to do is remember one...a master password for the app. There's still some risk involved, but these apps encrypt passwords so even if your account is compromised, the bad guys won't easily be able to do anything with it.

World Password Day is the first Thursday in May every year. We're supposed to change our passwords more often than that, but if it's been longer than that, and most people will admit that it has, change them. All of them, to protect your information.