If you’re a heavy web user, chances are high that you have a gazillion and one accounts and logins to various web services. Unless you’re a system admin or have training in computing security, chances are you’re also only using a couple of passwords across all of those services. Chances are also fairly good you’ve never had an account hacked and so you’re going to ignore what I’m about to say, but trust me: this is a bad thing. Here’s a model for you to consider using instead of just recycling the same old passwords over and over again. If you’re on a mac, go grab ciphsafe, and if you’re on a pc, go grab keepass. Each contains tools for automatically generating passwords of configurable levels of security, each endeavors to make it easy for you to copy and paste said passwords into whatever form you need to dump the credentials into, each is tiny and uses almost no system resources, and they’re both free. Now start using it. If you’re like me and use many different computers, go one step further. If you don’t already have one, buy yourself a cheap thumb drive and attach it to your keyring. Store the data file for the app on the thumb drive, and use file encryption if you’re on the mac to protect that file (keepass on the pc provides tools for protecting the data file in the application). Make sure to also make a backup of the data file on your primary computer periodically as well.

And if like me you have logins to sensitive stuff you really don’t want folks to be able to get into, use the ultra high security password generator. (yeah, I really use that for some stuff, and yeah I know it’s basically overkill but what they hey, I’m copying and pasting).

[update]

Discovered that there’s a linux/mac port effort underway for Keepass which you can scope out on the project page. It’s not quite ready for non-geeks yet (you have to grab the source from their subversion repository and compile it) but if you understand what I just wrote by all means go for it.