Passwords have become a critical part of good computer management. My PC requires a complicated password before it lets me in, one that I never write down. I created it by combining two personal references with a set of random numbers and scrambling the results. The password has meaning to me but would be more than challenging to guess.

Good passwords aren't hard to create. The problem comes when you need a lot of them, and these days most of us do. If you do your banking online, you need one to get into your financial information. Then there are passwords for shopping sites, and reference sites such as Britannica, not to mention your personal account on eBay or Yahoo.

This is why password management software exists. Without it, you have to write down dozens of passwords so you can remember them, and that creates a major security risk. With software such as Norton Password Manager, you can set up a single password that handles all the rest, in a format that's encrypted and relatively easy to update.

Whether you use password management programs or not, some principles are critical. It's astonishing, for example, how many people, when faced with the problem of numerous passwords, simply use the same one for each account. Which is fine for registering at, say, a news or sports site, but consider what happens if that password gets compromised and then used on your checking account.

Putting in new hardware opens up password issues as well. When I set up a home network recently, the first thing I did was to change the default password. The router manufacturer had set up a standard one used to get the network running, and numerous wireless networks are working today with passwords that people have never changed.

My belief is that the longer a password stays the same, the greater the risk that it will be compromised. When I asked Symantec's Bill Rosenkrantz about this, he recommended changing passwords every six weeks. That's overkill for everyday Web sites, but makes sense for things like your service provider account or broker.

Symantec's recent study of password management showed that fully 40 percent of users set up passwords that they never changed. Couple this with another statistic -- more than 50 percent say they use the same password for multiple Web sites. Such practices put private data at risk and add significantly to the problem of identity theft.

Some password tips seem too obvious to need mentioning. For instance, using your birthday, the name of your dog or your favorite music group is asking for trouble. In general, passwords should be combinations of numbers and letters, making it harder for hackers to use simple programs that randomly guess at words found in a dictionary.

And though a six-letter password is OK, an eight-letter one is better. People resist tricky passwords because they're afraid they will forget them, but security requires work. Maybe you've set up your browser to remember your login to various Web sites. The browser fills in passwords for you, but now anyone can use your PC to get into those same sites. Have you thought about putting a password on your screensaver if you work in a busy environment?

Check your screensaver's options to do this. And check into password management programs if you, like so many of us, find yourself doing more and more business online. Norton's $40 program is fine but only if you use Internet Explorer. Those of us using different browsers can try the $20 TK8 Safe (www.tk8.com), or Web Confidential, available in a $20 version for the Mac (www.web-confidential.com).