If you listen to many so-called “security experts”, they’ll tell you that to protect your identity online, your passwords should all be a random jumble of letters, numbers and symbols, the more characters the better, use a different password on each site, don’t write any of them down or keep them on your computer, and change them often. So if you have a lot of passwords – and if you’re in the IT industry, you easily have several dozen – you need to keep a whole lot of Hjk5&#rwY< in your head.

No problem…if your name is Data and you fly on the Starship Enterprise. For everyone else, here are two realistic suggestions you can actually do.

1. Use a password manager. Browser plug-ins like KeePass, LastPass or RoboFormwork in all browsers, and when you need to log in somewhere, they will automatically enter the info. They’ll fill in forms, too, so you don’t have to keep typing your name and address everywhere you go.

   The downside to password managers is that you still need a strong master password for them, and not everyone feels comfortable storing their passwords in the cloud. Earlier this year, LastPass was hacked and a few people had their info stolen, but only those who used a weak master password. Password managers also tend not to work very well on mobile devices.

2. Use a phrase. Instead of trying to remember ridiculous jumbles, use one password for multiple sites, but make your password the initial letters of a phrase that has meaning to you. For example, my phrase might be Flemington is on Highway #202. Taking the first letters and symbols, my password would be FioH#202. (Maybe include the period for good measure.) That’s easy enough for me to remember without writing down, but hard for anyone to guess. And it should satisfy the requirement that some sites have for including uppercase, lowercase, numbers and symbols in a password.

The heuristic scanning got a major overhaul, and MSE also integrates with the Windows Firewall. It also has a network inspection module, so it sniffs ahead for trouble when you surf the web (using any browser, but it’s more effective with IE).

Here’s the really cool news: it’s absolutely free for home users, and even free for businesses that have 10 or fewer PCs. If you’re running an older version of MSE, the Windows Update service will upgrade your machine automatically. If not, you can get it from the Windows Download Center.

An article yesterday in PC Pro magazine (U.K.) claimed that anti-virus makers AVG and Symantec are engaging in a nefarious practice of getting customers to buy new subscriptions months before the existing subscriptions run out — and beginning the new subs immediately, instead of tacking them on to the end of the existing subs.

For years, I’ve been advising people to buy AVG, since it doesn’t slow down computers as much as the anti-virus products from Symantec, McAfee and others.

AVG vigorously denies this claim and says they will produce documentation to show it’s not true. Symantec’s response was “yeah, so what?”

To protect yourself, don’t renew your subscription just because you get an e-mail telling you to. Wait for the installed software to tell you: when your subscription is a few weeks away from expiration, the software will breathlessly remind you over and over. Then you can renew just a couple of days before the expiration. As with other software licenses, keep a record of what you bought, when you bought it, and the serial numbers and purchase info.