It's holiday shopping season, and it's time for me to nag you about security. You'll likely be shopping online a lot in the coming weeks, and many of the sites you visit will require passwords. None of us have solid-state memory inside of our heads (yet), so it's easy to be sloppy with passwords. Don't. Seriously. People get hacked all the time, and it's a major pain in the butt.\nSome simple advice: Use a password manager.\nPassword managers are applications that store all of your passwords in encrypted spaces. If, for example, you store a username and password for your bank, the manager automatically fills in the appropriate fields when you visit your banking site. Password managers can also generate passwords, fill out forms and share passwords across multiple devices.\nThey all require master passwords. If you lose yours, you're out of luck. The companies that sell passwords managers do not store master passwords, and there are no backdoors, at least none that I know of. Researchers say password managers aren't completely secure, but the risk they represent is infinitely smaller than the risk you take when you use the same password over and over again.\nOver the years, I've used two manager apps \u2013 LastPass and Roboform \u2013 and both work quite well. I switched from Roboform to LastPass because LastPass used to integrate better with my Firefox browser. Roboform has since caught up on that front, though.\nLastPass comes in two consumer versions, one free and one that costs $12 per year. Both work the same way: When you visit a site and register for the first time, LastPass captures your login info. The next time you visit, you're automatically logged in after you enter the master password. Both versions work across multiple computers, but only the premium version works on mobile devices.\nThe premium version also supports two-factor authentication, which means that when you log in you get a text from LastPass containing random characters you need to enter to complete the process. That adds a step, but if a password has been hacked, the extra authentication keeps the intruder out.\nRoboform has most of the same features as LastPass and works similarly. However, it isn't free, despite what the company says on its website. If you read the fine print, you see that the free version is only good for 10 saved logins. To use it for more sites, you need to buy a yearly license for $9.95.\nRoboform has a few additional features, including a Windows-Explorer-like interface you can use to edit your passwords and forms.\nIn my experience, I don't see all that much difference between these two password managers. I suggest trying the free versions to see which one you like better.\nI've heard good things about a third popular password manager called 1Password, but\u00a0it's expensive at $49.99 for the Mac or Windows version, and $17.99 for the iPhone app.\nRegardless of the service you pick, do not use the same password across multiple sites. Hacks often occurs on sites' servers and not your computer. So, for example, if your bank is hacked and the Bad Guys get your password, you don't want them to be able to use it to access your brokerage account or medical records.\nOh yeah, also make sure your master password isn't something lame like "123" or "password." But you knew that, right?