Security Watch
What's behind a good password? Everything
Constructing good passwords is half of the security process. Fortunately, it's not that hard.

By Robert Vamosi
Senior associate editor, CNET Reviews
(March 19, 2003)

In a recent CNET Virus & Security newsletter, I mentioned that two recent Internet worms--Lovgate and Deloder--attacked weak passwords. I then offered a few suggestions about creating better passwords. In response, I got a ton of e-mail. Apparently, there is a lot of confusion surrounding good password security.

Just about everyone needs a user ID and a password to get onto the Internet. If you share a computer, you might lock your Word or Excel documents with a password. But if you create too many passwords and forget one, it might not be easy to open the file again later.

A few readers were confused about the differences between a user ID (usually your name) and a password (something random); here, we're talking about the latter. But many wanted to know more about the proper use of numbers and letters within passwords. The secret is to create a seemingly random combination; you get extra credit if you incorporate case changes, alternating uppercase and lowercase. And you can sometimes use symbols in passwords, too. As long as you remember a basic structure, you can create strong passwords quickly.

Change passwords early and often
At the very least, you should change any default passwords you already have. If your Internet provider issued you a password, change it. If your operating system came with passwords (usually Admin or Password), change them. If your wireless router has a password, change it, too.

Experts suggest changing your passwords every six months or so. But what if you have 20 passwords to remember? That's a bit of work. Unfortunately, you cannot write these passwords down. People who put Post-it notes on their computers might as well not even bother with passwords at all. That's why I suggest the creation of passwords that are easily recreated on the fly and don't need to be written down.

Avoid the obvious
Attackers use password-cracking programs to break into password-protected accounts. These programs are freely available on the Net, and several of them work from a dictionary: a list of likely passwords. The idea is that people are inclined to use real words as passwords, words commonly found in dictionaries such as secure, password, or evergreen, along with familiar names such as John, Mary, and Phillip. Most such programs also combine words and apply simple variations, such as changing case or tacking a few digits onto the end. Thus, a hacker running a dictionary attack could open a file or access a paid service in a matter of hours, often minutes.

Even if you don't use common words, you're not any safer using your great aunt's birthday. These same cracking programs can also try every number in turn. Running through every combination of the digits 0 through 9 across six or eight positions is purely a function of processor speed and time: one million guesses for six digits, one hundred million for eight. The more speed and time available, the more likely someone will uncover your secret number.
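To make the two attacks above concrete, here is an added example (not code from the column or from any real cracking tool) that runs a small dictionary attack with word-mangling rules and a digits-only brute force against SHA-256 hashes of constructed sample passwords. The wordlist, the sample passwords (password, Evergreen, john42, securemary and the column's own S9f4C1a05) and the six-digit "birthday" 030571 are all made up for this example; the hash function and the unsalted, fast-hash setting are assumptions chosen to show the attacker's best case.

```python
import hashlib
import itertools


def sha256_hex(text: str) -> str:
    """Hash a guess the way a cracker does: fast and unsalted (the worst case for the victim)."""
    return hashlib.sha256(text.encode()).hexdigest()


# Constructed sample: a tiny wordlist and a set of "stolen" hashes. Every plaintext
# behind the hashes is made up for this example.
WORDLIST = ["secure", "password", "evergreen", "john", "mary", "phillip"]
SAMPLE_HASHES = {
    sha256_hex(p) for p in ["password", "Evergreen", "john42", "securemary", "S9f4C1a05"]
}


def candidates(words):
    """Generate guesses the way a dictionary cracker does: each word under a few
    case rules, with a short digit suffix, and pairs of words glued together."""
    for w in words:
        for base in (w, w.capitalize(), w.upper()):
            yield base
            for n in range(100):
                yield f"{base}{n}"          # john0 ... john99
            for n in range(10):
                yield f"{base}{n:02d}"      # john00 ... john09 (zero-padded)
    for a, b in itertools.permutations(words, 2):
        yield a + b                         # securemary
        yield a.capitalize() + b.capitalize()


def dictionary_attack(targets, words):
    """Return ({hash: plaintext} for every hash recovered, number of guesses made)."""
    remaining = set(targets)
    recovered = {}
    tried = 0
    for guess in candidates(words):
        tried += 1
        digest = sha256_hex(guess)
        if digest in remaining:
            recovered[digest] = guess
            remaining.discard(digest)
            if not remaining:
                break
    return recovered, tried


def digits_attack(target, max_len=6):
    """Exhaust every all-digit string up to max_len characters (1,111,110 guesses
    for six digits): the brute force that makes a birthday-based number unsafe."""
    tried = 0
    for length in range(1, max_len + 1):
        for digits in itertools.product("0123456789", repeat=length):
            tried += 1
            guess = "".join(digits)
            if sha256_hex(guess) == target:
                return guess, tried
    return None, tried


if __name__ == "__main__":
    found, tried = dictionary_attack(SAMPLE_HASHES, WORDLIST)
    print(f"{len(found)} of {len(SAMPLE_HASHES)} hashes recovered after {tried} guesses:")
    for plaintext in found.values():
        print("  ", plaintext)
    print("six-digit number 030571 recovered as:", digits_attack(sha256_hex("030571")))
```

Four of the five sample hashes fall to about two thousand guesses; the only survivor is the one that is neither a word, a word pair, nor a number. The six-digit number is found well inside the first 150,000 guesses, which a modern CPU works through in under a second.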

Get crafty
That's why you need a pattern of letters and numbers, one that makes sense only to you. Mixing letters in with the digits raises the choices for each position from 10 to 36; using both uppercase and lowercase letters raises it to 62. A four-character password drawn from those 62 characters has about 14.8 million possibilities, against 10,000 for four digits, and every character you add multiplies the total by 62 again, so a six-character password is much stronger still.

A cracking program can still exhaust every four- or six-character password; what the larger alphabet buys you is time, and each added character buys far more of it than any change of alphabet does. Against an opportunistic attacker who is scanning many machines, that delay is what counts: chances are he or she will give up and move on to an easier target. Against a determined one, only length helps.
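The arithmetic behind the last two paragraphs, as an added example that is not part of the column: it computes the number of passwords for each alphabet and length, the equivalent strength in bits, the shortest length that reaches a target strength in each alphabet, and the worst-case time to exhaust the space at an assumed attacker speed. The one-billion-guesses-per-second rate is an assumption for illustration; the 94-character row (printable ASCII with symbols) is added for comparison and is not an alphabet the column discusses.

```python
import math

# Characters available per position: the column's digits-only, letters-plus-digits
# and mixed-case alphanumerics, plus printable ASCII with symbols for comparison.
ALPHABETS = {
    "digits": 10,
    "lowercase + digits": 36,
    "mixed case + digits": 62,
    "mixed case + digits + symbols": 94,
}


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly this length."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Strength in bits, assuming every character is chosen uniformly at random
    (a pattern that an attacker can guess gives far less than this)."""
    return length * math.log2(alphabet_size)


def length_for_bits(alphabet_size: int, bits: float) -> int:
    """Shortest length that reaches a target strength in this alphabet."""
    return math.ceil(bits / math.log2(alphabet_size))


def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time for an offline attacker who tries every password."""
    return keyspace(alphabet_size, length) / guesses_per_second


def report(guesses_per_second: float = 1e9) -> str:
    """Tabulate keyspace, bits and exhaustion time for the lengths the column mentions and two longer ones."""
    lines = [f"assumed attacker speed: {guesses_per_second:.0e} guesses per second"]
    for name, size in ALPHABETS.items():
        for length in (4, 6, 8, 12):
            days = seconds_to_exhaust(size, length, guesses_per_second) / 86400
            lines.append(
                f"{name:30s} length {length:2d}: {keyspace(size, length):,d} passwords "
                f"({entropy_bits(size, length):5.1f} bits), exhausted in {days:.3g} days"
            )
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
    print("four mixed-case alphanumerics vs. eight digits:",
          keyspace(62, 4), "<", keyspace(10, 8))
    print("length needed for 64 bits:",
          {name: length_for_bits(size, 64) for name, size in ALPHABETS.items()})
```

Two results worth noticing: a four-character mixed-case alphanumeric password (about 14.8 million possibilities) is weaker than an eight-digit number (100 million), so the alphabet never makes up for missing length; and at a billion guesses per second, six mixed-case characters last under a minute while eight last a couple of days, which is still no match for a patient attacker with a stolen hash.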

Get into the habit
The trick to remembering a variety of unique passwords on the fly is to come up with a structure that you alone understand. For example, you might always start with the topic. Say you need a password for your office computer: you could derive a strong password from a building address.

For example, CNET Networks is located at 235 Second Street, San Francisco, California, 94105. That address offers several combinations of letters and numbers: S2e3C5nD is one example, S9f4C1a05 is another, and S2f3C5a is a third. Each follows the same pattern: begin with a capital letter, then alternate letters and digits, flipping the case of each successive letter. S9f4C1a05 interleaves the letters SfCa (San Francisco, CA) with the ZIP code; S2f3C5a interleaves the same letters with the street number. As long as you keep to a pattern like this, you can rebuild any of these passwords later without writing it down. Note that you'll want a less obvious pattern and a less public source than this one: anyone who knows where you work and guesses the structure can rebuild these from a few facts. But you get the basic idea.
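The pattern above, and the reason the column tells you to pick a better one, as an added example that is not code from the column: interleave() reproduces all three passwords from the letter and digit strings the column chose, and pattern_guesses() plays the attacker who knows the address and the structure, enumerating every password the pattern can make from it. The set of letter sources an attacker would try (word prefixes, consonant skeletons, each word with one letter dropped, and initials) and the digit sources (street number and ZIP code, alone and joined) are assumptions chosen to cover the column's three examples; a real attacker would use a larger rule set, so the count here is a floor.

```python
# CNET's address as printed in the column; everything below is derived from it.
ADDRESS = {"number": "235", "street": "Second Street",
           "city": "San Francisco", "state": "CA", "zip": "94105"}


def interleave(letters: str, digits: str, start_upper: bool = True) -> str:
    """The column's pattern: letter, digit, letter, digit..., letters alternating
    case (capital first), with the leftover tail of the longer string appended."""
    out = []
    for i in range(max(len(letters), len(digits))):
        if i < len(letters):
            upper = (i % 2 == 0) == start_upper
            out.append(letters[i].upper() if upper else letters[i].lower())
        if i < len(digits):
            out.append(digits[i])
    return "".join(out)


def letter_candidates(addr) -> set:
    """Letter strings an attacker who knows the address would try (assumed rule
    set): prefixes of each word, consonant skeletons, each word with one letter
    dropped, and the initials of city and state."""
    words = [w.lower() for f in ("street", "city", "state") for w in addr[f].split()]
    cands = set()
    for w in words:
        cands.update(w[:n] for n in range(2, len(w) + 1))          # se, sec, seco, ...
        cands.add("".join(c for c in w if c not in "aeiou"))       # scnd
        cands.update(w[:i] + w[i + 1:] for i in range(len(w)))     # secnd (o dropped)
    city_initials = "".join(w[0] for w in addr["city"].lower().split())
    cands.update({city_initials, addr["state"].lower(),
                  city_initials + addr["state"].lower()})         # sf, ca, sfca
    return {c for c in cands if len(c) >= 2}


def digit_candidates(addr) -> set:
    """Digit strings from the address: street number and ZIP, alone and joined."""
    n, z = addr["number"], addr["zip"]
    return {n, z, n + z, z + n}


def pattern_guesses(addr) -> set:
    """Every password the column's pattern can produce from this address."""
    return {interleave(letters, digits, start_upper)
            for letters in letter_candidates(addr)
            for digits in digit_candidates(addr)
            for start_upper in (True, False)}


if __name__ == "__main__":
    for letters, digits in (("secnd", "235"), ("sfca", "94105"), ("sfca", "235")):
        print(f"{letters} + {digits} -> {interleave(letters, digits)}")
    guesses = pattern_guesses(ADDRESS)
    print(f"{len(guesses)} guesses cover the whole pattern; "
          f"62^8 is {62 ** 8 // len(guesses):,d} times larger")
```

All three of the column's passwords are among the few hundred candidates, so to someone who knows the address and suspects the scheme they are worth well under 10 bits, however random they look; the same eight characters drawn independently would be worth about 48.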

Senior Associate Editor Robert Vamosi covers hoaxes, viruses, and security threats for CNET Reviews.