Saturday, July 29, 2006 - Page updated at 12:00 AM

The very essential ... um (what was it?) password

The Baltimore Sun

Passwords can be a pain, but they're key to security. Columnist Mike Himowitz offers advice on how to ease dealing with them and, in another column, gives ideas from readers.

I have too many passwords. In fact, when I counted mine this week, I came up with 42 logins for Web sites, data services, voice mail and e-mail systems.

I can do this easily because, like most folks who have to juggle lots of passwords, I do exactly the wrong thing. I write them down — in a safe place, of course.

In 2005, RSA Security surveyed 1,700 business computer users. It found that almost 60 percent had to manage at least six passwords, while 28 percent had to manage more than 13.

And that doesn't count personal passwords for who-knows-how-many e-mail accounts, voice-mail boxes and Web sites. Some are important, such as bank, credit card and stock brokerages, and some aren't. But they require passwords all the same.

It's worse when each system has different requirements for password length, capitalization and the number of numeric characters and punctuation marks it allows. The most secure — and biggest pains — are systems that generate passwords themselves, usually strings of gobbledygook such as "4jvKX3fred99+erk#2."

Adding insult to injury, systems increasingly demand frequent password changes, and they won't let you reuse an old password, or anything similar to a previous one, for months or years.

This uncoordinated but ubiquitous demand for passwords is counterproductive. It leads to behavior that actually makes it easier for thieves and spies to do their work.

It encourages people to use the same password for all their systems — or as close to it as they can get. It encourages simple passwords that are easy to remember, and just as easy for hackers to guess (birthdays and kids' names are favorites).

The only recourse for most of us is writing our passwords down — somewhere that's easy to remember and probably easy for an intruder to find.

I wish I had a simple, effective universal solution to this problem. If I did, I'd be rich and retired. But I've been looking at one approach that works tolerably well.

It's called a password cache or password safe — a term for software that stores all your passwords in an encrypted file — locked with a single password of your choice. When you sign on to a Web site or system, the program retrieves the password you need.

These programs are generally easy to use, and most employ highly secure algorithms to scramble your passwords. Even so, they offer a single point of attack for an intruder. If he or she learns your master password, he has the keys to your entire kingdom.

So you need a really good master password. That means something long, and with a couple of numeric characters and punctuation marks thrown in. It's not a bad idea to substitute a number for a similar alphabetic character, such as "1" for the letter "l" or "I," a zero instead of the letter "O" or a "5" instead of the letter "s."

Some experts suggest a password that combines these distracters with information from your past that friends, acquaintances and colleagues wouldn't know, such as the name of the street your family lived on when you were born and the name of your first pet.

Here's an example. Let's say you grew up on Northfield Road, with a dog named Sandy. You could easily convert that into N0rthf1eld#5andy. Not very easy to guess.

What happens once you've selected a master password depends on the software.

RoboForm, a $30 program around for years, is the Rolls-Royce of this category. It records logons and passwords in electronic storage bins called PassCards. When you reach a protected site, a drop-down menu in your Web browser will recall the correct user name and password and enter them for you.

Or you can use RoboForm to completely automate the process. It will start your Web browser, call up the site you want and sign in for you. Can't think of a password for a new site? RoboForm will generate one.

The program also stores the information you frequently need for Web shopping or logging onto sites that require some kind of registration — including addresses, phone numbers and credit-card info. When you come across a new online form, the program figures out what information is needed and automatically fills out the form.

There's not much more to say about RoboForm — it generally works as advertised. It's occasionally stumped by redirected Web pages and expired security certificates, both of which disrupt the normal data flow in Web browsing. But they're the exception. You can download a fully functional trial version at www.roboform.com.

If you're willing to forgo the form filling and a few other bells and whistles, Password Safe is a free program that handles most of the same chores. A new version (3.0) was released last month. You'll find it at http://sourceforge.net/projects/passwordsafe/.

Copyright © 2006 The Seattle Times Company