The article examines computer user identification and passwords as vulnerabilities to identity theft when engaged in electronic commerce. There is an inherent tension between the need to keep passwords accessible and secure. Suggestions on how to create and remember "strong" passwords which have no relationship to the computer user's personal life are given.