trusted third party. If it's a legitimate site, it can do so without concern. If the site has been pharmed and is thus secretly redirecting to a different site, the new, illegitimate site has no access to the authentic certificate. Firefox smells something fishy, and - here's the important part - warns you that the provided certificate does not match and asks whether you want to continue. You should say no in all cases. There are very few cases where legitimate sites would cause this error - usually when they forgot to renew their certificates - and in those rare instances, you should say no and wait for the company to get its act together.

The unfortunate fact of security is that it often comes at the expense of convenience. Although computing power isn't yet to the point where hackers can quickly guess any combination of letters and numbers, they can realistically try every password in the dictionary and then some. And if the idea of a hacker slaving away at home entering passwords gives you some consolation, think again: Hackers today use sophisticated networks of computers that work together to guess passwords automatically (see the "How they do it" sidebar). That means that using your favorite color or even your mother's maiden name as your password just isn't going to cut it anymore.

Here are some tips for keeping your password safe from prying eyes:

Throw convenience to the wind. If you're using a password that has any kind of recognizable personal significance (such as your mother's maiden name or your birth town), you're putting yourself at risk. Hackers have assembled vast collections of words far beyond those found in the dictionary, including slang and names of people, streets, and pets. The safest route is to choose a random combination of letters and numbers, such as y94pJ332k. Mix the letters and numbers together and use both upper- and lowercase. If the Web site allows it, include special characters such as ! or $.
Write your password down on paper until you remember it. It's going to take you a while to remember Iw2ih4smpw as easily as you remember your mother's maiden name. However, saving passwords on your computer is a bad idea because if someone is able to gain access to your computer, she can retrieve them. Instead, write it down on paper and store it in a safe location in your home. Throw it out as soon as you're comfortable with your new password.

Tip: You can also try using a mnemonic device to remember a seemingly nonsensical password. For example, Iw2ih4smpw looks like complete gibberish, but I remember it as "I want to (2) imprison hackers for (4) stealing my password."

Never give your password or other private information to anyone. Anyone. This tip is just common sense. Employees of reputable companies will never contact you out of the blue to request your password or other private information.

Make your password as long as possible. Different sites allow different length ranges. The longer you make your password, the harder it is for hacking technology to guess it.

Use different passwords for different sites. Yes, it's much more convenient to remember a single password. But using the same password at multiple places weakens your overall security because your security is only as strong as the weakest link. If a hacker steals your password at a low-security site, you can bet he's going to see whether it also works at your bank.

Be careful where you log in. Sites you're liable to visit frequently - such as your Web mail site, if you use a Web-based e-mail service - often remember who you are automatically so you don't have to keep entering your login information (see Figure 15-8). This is great when you're at home, but it's dangerous at a public computer where the very next person might also use your Web mail provider. Many Web sites offer a check box that says something to the