One of the best ways to protect your online security is to have strong passwords that you change periodically. But that's easier said than done. Coming up with hard-to-guess passwords is hard enough, but it's even harder to have separate passwords for different sites and to remember new ones after you change them.
One way to create a password that's hard to guess but easy to remember is to make up a phrase. You could type in the entire phrase (some sites let you use spaces, others don't) or you can use the initials of each word in the phrase, for instance, "IgfLESi85" for "I graduated from Lincoln Elementary School in '85." An even better one would be "MbfihswE&S" for "My best friends in high school were Eric and Steve." You get the idea--upper case numbers, letters, and symbols that are seemingly meaningless to everyone but you. Microsoft has an excellent primer on passwords and a password strength checker.
But even if you do come up with a clever and hard-to-remember password, don't use it for every site. Since lots of people do that, there's the risk that a sleazy site operator--or a sleazy person who works for a legitimate site--could use it to break into your accounts on other sites.
One solution is to use a password manager. There are several available programs and Web storage services, but the ones I'm most familiar with are RoboForm and Lastpass. These programs can generate passwords for you and remember them so you don't have to. Both programs are, themselves, password protected, though you have the option of running RoboForm without a password or having Lastpass remember its own password on your PC. That's OK as long as no one else has access to your machine. I recommend that you manually enter your master password on a laptop that could more easily fall into the wrong hands.
RoboForm has a free trial version that's limited to 10 passwords after the trial ends. Lastpass is free.
RoboForm has been around for a long time, but Lastpass is a relatively new offering. Company CEO Joe Siegrist describes the program as a hybrid because it stores your passwords and usernames both on your machine and on the Web. You can download the browser plug-in to a PC or a Mac to work directly with Firefox on either platform or Internet Explorer on Windows, but there are also ways to use it with Safari and Chrome. Because it has a Web interface, it can work with any Web-enabled device, but the plug-ins for IE and Firefox make it easier to use.
On Firefox and IE, Lastpass records your usernames and passwords when you first enter password-protected sites and then enters them for you automatically for subsequent visits. Passwords are stored in a "vault," which is actually a Web page stored on your PC, as well as the company's servers, so you can access it from any device, including a borrowed machine. The password vault on your machine is automatically synchronized with the server, so you don't have to worry about synchronizing or backing up your data.
Password data, according to Siegrist, is encrypted on the PC and on the servers. He said that no one--himself included--can decrypt them without the master password that only you know. Assuming the encryption is as good as he says it is, this should protect your security even if their servers are compromised. The company provides a lot of security information on its FAQ.
There are also versions for Blackberry, iPhone, Windows Mobile, and Android as well as a Web site for phones and browsers that aren't supported directly.
For a lot more on this password management, see CNET News reporter Elinor Mills' post, "Facing the pain of passwords."