NEW YORK ( MainStreet) — Most people know not to post their Social Security number on Facebook or write their ATM passcode on the back of their card, yet more than 16 million people fall victim to identity theft every year. Although no one would intentionally leave themselves vulnerable, there are several not-so-smart ways people expose their personal information and create an invitation for thieves. We checked with experts to find the top 10 dumbest ways people get their identity stolen.

1. Using the same password for everything

If you're using the same password for everything, you're setting yourself up for disaster, says Bill Carey, vice president of marketing for Siber Systems , creators of password management tool RoboForm.

"You have to use a unique password for every website you log into. If you think about all the stuff that has gone on lately with hacking attacks at major companies, it seems inevitable that one of the companies you do business with is eventually going to get hacked," he explains.

Unfortunately, if you use the same password for every site, once hackers get one of your passwords, they've got them all.

2. Giving out personal information over the phone

"A lot of people have this thing where when someone calls them on the phone and represents to them that they are an official with the government or a credit card company or a broker's firm, they believe it's real," says Adam Levin, chairman and co-founder of Credit.com.

The truth is, the IRS, your bank or any other official organization is never going to call you and ask for your Social Security number, Levin says. Your bank might call to alert you to suspicious activity on your credit card, but they will never ask you to confirm such sensitive personal information.

"If you get a call like this, hang up the phone and find the official number of the organization. Then you make the call to them," Levin says.

3. Not using a password on your smartphone

"Your smartphone isn't just a phone anymore. It's a personal computer, and if it's not password protected people can gain access to your email, your bank account, everything," Carey says.

If you lose your device and you're still logged in to apps such as PayPal or eBay, you could be in for a world of trouble.

"The more people know about you, the more likely they can hack in and steal your identity on other sites," he says.

4. Logging into financial accounts from an Internet cafe or unsecured connection

Internet cafes are great for browsing the Web and may be fine for doing less sensitive things such as printing tickets or boarding passes, but they're not secure enough for managing your stock portfolio or savings account, Carey says.