About half of those responding to an online survey say their passwords are 5 years old.
The survey by TeleSign found that 77 percent hadn't changed their passwords in a year or more, and 21% of respondents use passwords that are over 10 years old.
In addition, 73% of respondents use duplicate passwords.
Of the consumers' average of 24 online accounts, each consumer uses just six unique passwords to protect them.
One of the main problems, according to TeleSign, is that although it has found that most consumers worry about online security, and 40% have been hacked, only 70% have changed their passwords in response.
Based on the research, TeleSign says that 72% of the consumers surveyed want more help securing accounts, and although some of them have heard of two-factor authentication, they don't know how to implement it.
Among the consumers who don't use two-factor authentication, the study says 56% don't know what it is, 29% don't know how to turn it on, and another 29% say they don't think their online accounts offer it.