You're doing a little Web browsing at work when you come upon Widgetsnmore.com, a site that looks vaguely familiar. Suddenly, you see it: the multipurpose electronic gadget polisher you've coveted for weeks--and it's half price until 5 o'clock today! You click on the image to order it, and...uh-oh. The site asks for your password. What do you do?

a. Enter your cat's name--you use the same simple password at every site.

b. Frantically type word-and-number combinations you've used in the past.

c. Set up a brand-new account.

d. Give up, exit your browser, and learn to love your dull, unpolished gadgets.

e. Confidently enter drk#3kl8nfl and complete the transaction.

If you chose e, congratulations. You obviously have an advanced degree in password management. (Bonus points if you recently changed that password from its predecessor, wr&98zflg.)

If you answered anything but e, you're invited to join the Problem Password Club. (True confession: Until I wrote this column, I would have chosen b.) For what it's worth, we're in the majority. A recent study by Jupiter Research shows that over half of the consumers it surveyed used the same user name and password at all or most of the sites they visit.

It's dangerous to be loose with passwords. If you use names or words, a hacker can use a program that tries the whole dictionary to access your account. And if you use the same password everywhere, a successful hacker can access your whole online life by breaking one code, says Rob Leathern of Jupiter Research.

We all know what we're supposed to do with our passwords: Make them cryptic, change them regularly, never share them with anyone, and so on. The problem is, strong passwords--those that contain upper- and lowercase letters, numbers, and punctuation--are considerably harder to remember than, say, your best friend's name. And given the choice, most of us understandably opt for convenience.

But take heart. Managing strong, secure passwords doesn't have to translate into endless hours of arduous mental calisthenics and memorization techniques. There are ways to achieve a comfortable balance between efficiency and security in your password-protected online life.

A Site for Fluffy

You probably have accounts at sites where you haven't provided any sensitive information--at free online news services, for instance. It probably makes sense to use your cat's name as a password at all those sites. After all, do you really care if someone reads the New York Times online under your name? If you want a little more security, incorporate the first initial of the site into your password; at NYTimes.com, for instance, your password might be fluffyn while at Orbitz it might be fluffyo.

At any site that stores your financial information or sensitive personal information, you need to create a unique password. To make your passwords cryptic to outsiders (and resistant to dictionary-lookup techniques) but memorable for you, try using the first letter from each word in a phrase--for example, HiMbG for "Hello, I must be going." You can combine that technique with using numbers for sounds, such as Gr8 for "great." Using these tips to alter your user name as well--h4d instead of hford, for instance--makes life even harder for hackers.

Reserve your strongest passwords for your most sensitive accounts. To remember your passwords, it might help to associate their format with their security level. Passwords for accounts containing financial data might include all possible kinds of characters, while those for less critical sites use only letters followed by a number.

Digital Assistance

No matter how much you try to simplify it, though, handling passwords will always be a chore. Fortunately, dozens of good password management tools are available. I like Roman Lab Software's Any Password--a free, easy-to-use download that encrypts and stores all of your passwords and user names in a simple tree format.

Siber Systems' AI RoboForm (free for personal use) is a handy tool that memorizes passwords and fills out online forms in a single click. SplashData's SplashID for Palm devices (available for $20) allows you to store passwords encrypted on your PDA.

Passport is Microsoft's inevitable entry in the field of information management. Used in combination with other services like Microsoft Wallet, it promises quick and easy shopping. The catch: Your information is stored on Microsoft's servers (surprise!) instead of on your system--a trade-off I'm not willing to make. And Passport works only on sites that have implemented it. Another high-profile player, Gator's EWallet, delivers plenty of e-shopping functionality but pelts you with ads and spam in exchange.

Another convenient option is to have your browser remember your passwords. But you should exercise great caution with that approach. Don't use it if anyone you don't trust has access to your PC. And even if you live the life of a technologically savvy hermit, a hacker still might uncover the information--especially if you have a broadband connection that isn't protected by a sturdy firewall.

The passwords you choose can be your strongest defense or your weakest link. Jupiter's Leathern summarizes it this way: "At the end of the day, it's all about: 'Can someone guess this?'"

Anne Kandra is a contributing editor for PC World. E-mail her at consumerwatch@pcworld.com. Click here for more Consumer Watch columns.

• See more like this:
• password,
• passwords,
• consumer watch,
• splasid,
• splas id,
• wallet,
• passport,
• roboform,
• siber,
• ewallet,
• gator