We've never met, but I already know you're a lot like Sarah Palin.
You're not the Republican vice presidential candidate and the governor of Alaska, but you've almost certainly got a free Web-based e-mail address, one of the millions doled out by Yahoo Inc., Google Inc., Microsoft Corp., and many other Internet companies.
Palin relied on Yahoo mail, and recently, a hacker figured out a way to reset her password, giving him complete access to her mailbox. Granted, the contents were hardly scandalous, but that's not the point.
The security breach was especially galling because so many people use Web-based e-mail accounts as digital attics. We e-mail ourselves documents and photos we can't afford to lose, trusting that Yahoo or Google or Microsoft will keep them secure.
So much for that fantasy, especially since most people choose passwords that are easy to steal. According to Sophos Inc., a data security firm in Boston, 41 percent of people use the same password at every site they visit. If a bad guy guesses his way into your Yahoo account, your online bank account may be next.
But passwords can be an effective security measure, if you follow three rules. First, pick bizarre passwords, like "q09jcxdtb4" - something nearly impossible to remember. Next, use a different, equally bizarre password for each online account. And finally, don't write them down - memorize them all.
Impossible, of course - unless you use a product or service that stores your gibberish passwords in one location. Then you only need to memorize one of them: the master password that unlocks all the others.
There are plenty of products that will do this work for you. Perhaps the best-known is RoboForm from Siber Systems Inc. It's software that creates a kind of digital safe on a computer. Set it up, then type in the user names and passwords for your favorite Web sites. Now you can give these sites the most incomprehensible passwords possible, because RoboForm will remember each one and automatically type it in at a password prompt. If your imagination fails, RoboForm will generate dreadful new passwords that nobody could possibly guess. RoboForm sells for $30 at www.roboform.com. A free version can be downloaded, but it's limited to 10 passwords.
But what if you're on the road, logging in on someone else's computer? A version called RoboForm2Go installs on a USB thumb drive. Plug it into a PC, and the software fires up and provides your passwords. Alas, the USB version runs only on Windows PCs, not Apple Macintosh or Linux computers. Besides, many businesses block access to their computers' USB ports as a security precaution, so RoboForm2Go might not work at, say, a public library.
If you're traveling, you might prefer an online password storage system. There's a versatile and powerful one at www.passpack.com. The free service, run by a firm in Italy, offers an almost obsessive level of security. It requires a very long password to set up an account - Passpack suggests you use a complete sentence, like "What time is it in Rome?" Users must create a second sentence to unlock the online password stash. There, you can punch in an unlimited number of passwords, and access them online. There's also a program that stores a backup copy of the passwords on your personal computer.
By the way, if you forget the RoboForm or Passpack master passwords, you're hosed. There's no way either company can retrieve them. And while Passpack vows to store your data in encrypted form so not even the company can read it, you're still taking a risk by putting passwords online. If a bad guy cracks Passpack's system, there's always a chance he will find a way to read your data. With RoboForm, you hang onto your data, making it the more secure choice.
Although secure password storage is a good idea, it wouldn't have saved Palin's e-mail account. The hacker tricked Yahoo into letting him change her password. It's so easy, just about anyone could do it.
First, enter the victim's Yahoo username - it was the dead-obvious "gov.palin." Next, ask Yahoo for a new password for the account. Yahoo asks a "secret question" to verify your identity - in this case, where Palin met her husband, a fact widely reported in the press. Once the hacker typed the answer, Yahoo let him create a new password and take control of the mailbox.