Tom asks: I know everyone needs to handle and keep track of lots of passwords. And I know that lots of people use the same password on every site. Is there some way to generate and recall secure passwords without having to write them all down?
Yes, this surely is an issue. My father keeps a very neat Rolodex with all of his passwords sitting next to his computer. Not what I would call secure, since anyone who happens to sit down at his desk has access to all his private information! Other folks keep yellow sticky notes all over their monitors with passwords. Even less secure!
Some people actually do use the same password on every site. The problem is that anyone that wants to break into your account and steal information from you is aware that lots of people do this, and so once they find a password on one site are likely to try it on others. If you're using a "popular" password, it's even worse--these are the first passwords a thief will try to use. (For a list of the current 25-most-popular passwords, check out the article here: http://techland.time.com/2011/11/22/the-25-most-popular-and-worst-passwords-of-2011/.
There are many products that you can use that will help you both generate and store secure passwords.
Ken's current favorite is a free one called LastPass . It works as a browser add-in, and you can install it both on Windows and Mac OS X. There's an iOS version for iPhone, and an Android version. It will generate secure passwords for you and store them in encrypted format. Then, when you need to log into a site, you just need to remember your master password to log into LastPass and have it supply passwords for all your saved sites.
Imagine being able to sit down at your computer (or ANY computer), start working with your internet browser and not have to think about entering each individual password for each site. LastPass.com can do that for you. Check it out--it's a great service. It's free, unless you want premium services (like the ability to use it with a smart phone, and even that service is extremely reasonably priced).
In addition, LastPass can fill out online forms (such as payment information when you make purchases online), storing your address, credit card, and other personal information safely. That's another issue altogether, but it's tied into the same product.
LastPass does store your information on its servers, remotely, which can be both a good thing (your data is always available, no matter what computer you sit down at) and a bad thing (although the data is heavily encrypted, there is a very, very slight chance that some evil-doer could break in and compromise the data). If this bothers you, there are other similar applications that keep all the data locally unless you instruct them to do otherwise. KeePass, RoboForm, and 1Password all do an excellent job; we just happen to like LastPass more. Try them out and find one that works, but whatever you do, don't use the same password on every site!