Most PCs and lots of personal data, such as bank records and Web mail access, are guarded only by a username and password. Usernames are fairly easy to guess and often pre-filled in, so you need to make sure your passwords are strong—not easily guessed or cracked by "dictionary" attacks that throw millions of letter combinations at the dialog. Many of the most widespread Internet worms have built-in dictionaries of common passwords, and once they are running on your system, they can attack your computer and others on your network.

• Don't use any part of your username, full name, address, birth date, and so on. This data is readily available to intruders.
• Don't use English or even foreign words.
• Make sure your password is at least six to eight characters long. In fact, the longer the password, the better.
• Use different kinds of characters in your password. At the very least, your password should contain uppercase letters, lowercase letters, and numbers. If you're comfortable with non-alphanumeric symbols (such as #@!&) or extended ASCII characters (which you can access by holding down Alt and typing on the number pad), use them.
• Change passwords every month to six weeks.
• Don't write your passwords on a sticky note and post it on your monitor.
• If you need to keep a repository of passwords, use a utility like RoboForm Pro (www.roboform.com) that keeps an encrypted list of all your passwords under a single master password. These programs can also generate strong passwords to your specifications.
• Don't recycle old passwords or use the same one for several different applications.
• Use a word you know, but substitute punctuation and numbers for letters. For example, coffee could become C0FF33 and Indiana_Jones could become 1nd1@n@_j0n3s.
• Use a passphrase—a group of words, as opposed to a single word. If you're a Beach Boys fan, "It's not a big motorcycle, just a groovy little motorbike" might be a good passphrase.

Note that not every security system lets you use passwords this long, or even ones that have embedded spaces. Some e-commerce sites, for example, will allow you only 8- to 12-character alphanumeric passwords. But, since Windows 2000, Windows has allowed passphrases with up to 127 characters.