It’s easy enough to create and remember one or two log-in passwords. But these days you need to remember a growing list of user names, PINs, passwords, and other security codes for your computer, Internet bank account, cell-phone voice mail, ATMs, favorite shopping Web sites, and even for this Web site.

Complicating matters, experts on computer security recommend that you come up with complex codes for everything you need to access. That frustrates hackers but also makes it nearly impossible for you to keep track of the alphabetic, numeric, and symbolic jumble.

Even if you do come up with passwords that are easy to remember but tough to crack, new security measures may consign your creations to the digital dustbin every 60 or 90 days. And since we’ve been warned to never, ever write down this gobbledygook, the only safe option seems to be committing it to memory.


Safeguarding your information

Here are some basic guidelines for crafting and protecting your passwords, PINs, and other security codes with as little hassle as possible:

Do

create “strong” passwords that are comprised of upper- and lower-case letters, numerals, and other keyboard symbols like #, &, and $. Avoid so-called weak codes that a hacker might figure out, especially if he or she already has some of your personal information. Weak codes include those that use variations of your home address, date of birth, or names of family members.

Don't

solve the code-memorizing problem by using the same code for multiple applications, since ID thieves who get hold of that code can use software to crawl hundreds of financial Web sites and figure out where else it works. Use different passwords dedicated to each use. Save your strongest codes for financial accounts and online shopping sites, and use simpler ones for access to, say, Web publications and free registration sites.

One approach is to develop a couple of basic passwords that you can commit to memory, then add prefixes or suffixes to those for specific uses or Web sites. If it’s too much to remember, write down only the add-ons to the basic passwords that you’ve memorized.

Don't

store a list of your security passwords on your computer, despite the convenience and temptation of software made for that purpose, unless you also use encryption software (detailed below). Otherwise, if your computer is stolen or a hacker sneaks in using the Internet, he or she will get the whole list—which you then won’t be able to recall.

Do

use encryption software if you want to store passwords on your computer. One such program for Windows, RoboForm, adds a toolbar to popular Internet browsers, letting you fill in password fields and online forms automatically without having to type them. Your data is stored in a password-protected encrypted file that you can back up to another drive. A free version lets you maintain passwords for up to 10 Web sites; the full version costs $29.95.

Do

consider a biometric security device for your computer, such as a fingerprint scanner that is either built in or added on. These devices can eliminate the need to remember passwords altogether. The simplest scanners log you on to your computer with only a swipe of your finger. Others products also store Web site log-in and password data for multiple users. If you go this route, make sure the device you buy has the capabilities you want. Our tests of APC, Kanguru, SanDisk, and Sony scanners, costing $50 to $150, identified fingerprints as promised and couldn’t be fooled by copies of authorized prints.

Don't

click “yes” when Windows or your Internet browser pops up to ask if you want your computer to remember log-on information. Delete any passwords that you have already stored this way. On Windows XP, you do this through the Internet Options section on your computer’s control panel.

Don't

type your passwords on computers in public places, such as hotels, libraries, or community centers. Even if you tell the computer not to save your password, the machine could be installed with software that secretly records your keystrokes for later use by someone with evil intentions.

Do

write down your passwords if that is the only way you’ll remember them. Wait a minute—isn’t that dangerous? The conventional wisdom is that this is a no-no. But according to Microsoft, passwords on paper are “more difficult to compromise across the Internet” than those that are stored electronically.

You’ll need to put that piece of paper in a safe place, of course. Muster all your CIA spy instincts and hide the document somewhere in your home, away from your computer, in a place that’s easy to get to only if you know where to look—say, tucked inside the pages of a favorite book, taped to the underside of a laundry basket, or slipped beneath the inner sole of a shoe stashed in your closet.