A password manager makes it easier to create and manage separate passwords for each website, online service or email account, thus limiting the damage if any one username/password combination leaks.

"There's always the potential of a [leaked] passwords also being used on, perhaps, a PayPal account," Carey said.

But the move toward aggregate credentials that access a slew of services provided by a single company -- like Gmail accounts and passwords being used for all Google's services, including Google Docs -- can make a password manager practice moot or nearly so.

"If someone has one account on one service, it lets them log in everywhere," said Carey, using Google as an example. "A lot of business processes store sensitive information on Docs. And because almost everything is Web-based now, 'in the cloud,' this is a problem that's only going to get worse."

Not surprisingly, Yahoo drew the ire of some experts.