You sign up for a newsgroup, or make a purchase online, on a website you have never used previously. The website needs to know who you are, so it asks you to create a new account, consisting of at least a new user name and a password. If you have a hard enough time remembering where you left your keys in the morning, there is a good chance that remembering user names and passwords to your 50 favorite websites is too much to ask. Even if you do have a way of remembering 50 unique user names and passwords (writing them on a sticky note taped to your monitor is not the most secure way of remembering your passwords), many of these websites will have faults in the secure storage of your information, making a unique user name and password nigh worthless. Passwords can be stored in plain text, meaning that anyone who can access the database can read your user name and password (and can likely guess what user name and password you may use for the other 49 websites you log into). Some websites may store your password in an encrypted form, but have an algorithm to revert the password to plain text; if there is a way to make the password human readable, it is a favorite target of hackers. Try clicking on the "Forgot Password" prompt of the websites you access. If they email you the password you used to create your account, then that website uses one of these two methods to store your private information. No matter how creative your password, it is no longer secure. There is hope in the realm of security: you can keep the number of user names and passwords you use to a minimum while trusting that they will be stored securely.
These social media icons should be familiar to you: Facebook, Twitter, MySpace, Yahoo, Google, and Microsoft/Live. A website may use these social media sites to identify you as the proper account holder on the website. This process is called trusted authentication. The concept works a little like this: You want to create an account on a new website, NothingButKites.com. (At the time of releasing this post, this website does not exist.) We users of social media sites trust these websites to store our user name and password securely. Almost everyone who uses the Internet has an account with at least one of these social media sites. Instead of logging in to NothingButKites.com with a new user name and password, that website can prompt you to log in to one of these social media sites that both you and that website trust. If that social media site says your user name and password are good, it will tell NothingButKites.com to let you onto the website. Your password is never stored on NothingButKites.com, so they are not at risk of having your login information divulged to a hacker.
Of course, no solution is hacker-proof. What this method does is keep the number of sites where your password is stored to a smaller number. There is less chance that these few sites will be hacked, and that the user names and passwords will be in a format that can be used.
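The hand-off described above can be sketched in a few lines of Python. This is an added example, not code from the original post or from any of the sites named; `TrustedSite`, `Website`, the shared signing key and the five-minute expiry are assumptions chosen to keep the sketch small, and real sign-in services use more elaborate protocols.

```python
import base64, hashlib, hmac, json, os, time

def _pw_hash(password, salt):
    # One-way, salted, deliberately slow: cannot be reverted to plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class TrustedSite:
    """Stands in for the site you already trust (hypothetical, simplified)."""
    def __init__(self):
        self._users = {}      # user name -> (salt, one-way hash)
        self._site_keys = {}  # relying website -> signing key shared with it

    def register_site(self, site):
        self._site_keys[site] = os.urandom(32)
        return self._site_keys[site]

    def register_user(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, _pw_hash(password, salt))

    def login(self, user, password, site, now=None):
        """Check the password here; give the website only a signed statement."""
        if user not in self._users or site not in self._site_keys:
            return None
        salt, stored = self._users[user]
        if not hmac.compare_digest(stored, _pw_hash(password, salt)):
            return None
        expires = (time.time() if now is None else now) + 300
        claims = json.dumps({"user": user, "site": site, "exp": expires}).encode()
        sig = hmac.new(self._site_keys[site], claims, hashlib.sha256).digest()
        return ".".join(base64.urlsafe_b64encode(p).decode() for p in (claims, sig))

class Website:
    """Stands in for NothingButKites.com: it never sees or stores a password."""
    def __init__(self, name, key):
        self.name, self._key, self.accounts = name, key, set()

    def accept(self, statement, now=None):
        try:
            claims, sig = (base64.urlsafe_b64decode(p) for p in statement.split("."))
        except (AttributeError, ValueError):
            return None  # missing or malformed statement
        expected = hmac.new(self._key, claims, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected):
            return None  # not issued by the trusted site, or altered in transit
        data = json.loads(claims)
        if data["site"] != self.name or data["exp"] < (time.time() if now is None else now):
            return None  # meant for another website, or expired
        self.accounts.add(data["user"])
        return data["user"]
```

Everything `Website` keeps is a set of user names, so a copy of its database contains nothing that can be replayed as a login elsewhere.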
While we are on the subject of passwords, here are some tips to keep in mind:
- Your password should be at least 11 characters long. If your website does not allow 11 characters in the password, use that website's upper limit in password length.
- The complexity of the password (upper/lowercase, numbers, extended characters, spaces) does not make a password more secure. A 7-bit character set contains 128 characters; unlike Scrabble, characters in a character set are not worth more points than others in that set.
- Keep your passwords as unique as possible. It may be too much to remember fifty passwords, but you should remember at least three unique user/password combinations: Keep your financial login password completely different from your email password, and those passwords completely different from all other websites' passwords. If someone does gain access to your password from a website, you do not want them to use or even guess your login to your bank, and certainly not have access to your email account to generate password requests on a myriad of websites and harvest all of your information.
Should you be scared and not log on to another website again? That is not the conclusion I hope you will draw from this posting. Just be security-minded whenever you visit websites.