Think you've got good passwords for all of your online accounts? Well, security experts say they’re probably not good enough. In fact, there's a good chance it's already for sale on the internet.

The cyber expert in our story was able to crack passwords in minutes. And if someone gets yours, it's just a matter of time until you're a victim of ID theft.

How many passwords do you try to remember?

E-mail, shopping, banking, Netflix, Amazon, prescriptions, kids' activities.

The average person has 150 on-line accounts of some sort, but uses just 12 passwords, re-using the same one at least ten times.

And that is a big cyber no no!

"Your password's actually cracked," said cyber security expert Charles Henderson.

He works with IBM’s X Force Red.

To crack passwords, he can use a program that's right on the internet.

And you know what else is there?

"So what we're looking at here is a data base of emails and passwords,” says Etay Maor formerly part of Israel’s Cyber Intelligence team.

He now works with IBM security, and tells us, "That's just one data base. There's tens of thousands of databases like this."

He found passwords for NBC colleagues.

Which experts, say is no surprise, since there have been so many mega hacks in recent years.

"Which is why we have to keep changing our passwords and updating our accounts," says Caleb Barlow of IBM’s Threat Intelligence.

What's the solution?

Experts now advise using long phrases like, "ileftmyheartinsanfranciscoin2017."

But automated computer programs might even crack that!

Which is why security pros say you should use password managers...that keep them encrypted. And even multi-step authentication: A code sent via text message to your phone, which you unlock with your thumb print or a facial recognition scan,.

Seems like a hassle...but in addition to those e-mails and passwords on the internet, there are hundreds of thousands of stolen identities for sale on the dark web.

And Maor says, "The victim for this, he is going to spend-- he or she are going to spend years recovering from something like this."

Also when websites ask for those security questions like your mother's maiden name, or your elementary school, experts say lie! That way thieves can't find that information on your social media page and use it to get into other accounts.

Wednesday night we'll tackle some more threats during our live phone bank as part of National Consumer Protection Week.