Making your passwords better for less
Businesses need security even more than personal computer users. We’ve got sensitive financial data from customers; we’ve got more banking sites than consumers, including credit card merchant accounts like American Express Merchant Services — which hates to send a statement by paper. We’ve got customer lists that competitors might like to have. We’ve got business plans that forecast our steps to grow. And so on.
And so passwords are more important to a small business user. Yours are probably not good enough, according to a thoughtful article from the Australian outlet of the popular lifehacker.com Web site.
The only truly secure way to store your passwords is to use a password manager to securely track your passwords, combined with a great master password to protect the rest of your saved passwords — if you use an easy password for your password manager, it would be easy to crack with a brute force attack. Don’t lure yourself into a false sense of security by just using one — your password manager password should be at least 10 alpha-numeric characters if you really want to be secure.
Five simple rules to make a very complex padlock for your sensitive stuff.
- More characters are better
- Words are bad — scramble them
- Always include special characters like %
- Upper and lower-case both, please
- Don’t forget to use numerals, too
Firefox will give you a score on how good your master password is. So will a fine open-source password manager that runs on the Mac, KeePassX. It organizes your passwords by type, lets you look them up and more. Version 0.4 (okay, it’s not a commercial product yet) is free. We’ve tested it on Snow Leopard and it works great. KeePassX will copy any password into your Mac’s clipboard, so you can paste it into a Web site. At some point early in this whole protection process, however, you will need to create a password that unlocks your password manager’s database. This is the only password your manager cannot store, of course. And it’s the last one that you want to forget.
If you take nothing else away from the lifehacker article, remember this while browsing the Web: Once You Click “Remember Password” It’s All Over. Unless you use the built-in password manager in Firefox. You are using Firefox because of its built-in Master Password manager, right? Apple’s Safari browser hasn’t got this feature. The rub here is that your master password has got to be something you can recall and type in every time you start up Firefox. The Firefox password services are under the Preferences menu for the browser, in the Security pane.
Commercial (not free, but inexpensive) password managers for the Mac include several that encrypt their database with the Blowfish cipher using a 448-bit key. At the moment xhead Software appears to have one of the best Blowfish-based solutions; xhead describes the algorithm as
One of the fastest, most secure encryption algorithms in existence and has no known cryptographic weaknesses. It hasn’t been cracked yet. In fact, statistically speaking, if you use a sufficiently long password to encrypt your files, a hacker using the brute-force attack method of trying every possible password would spend longer than the known age of the universe to crack your file.
You can get the xhead product info 2.0 to do your password management for $25, $40 if you want its delights on up to five computers. If nothing else, there’s one security step you want to take with your Mac. Don’t work every day in your administrator account. You’d be surprised what caliber of Mac user doesn’t know what that means. More on that Wednesday.

Of your five rules of thumb, I like 1, 2, and 5, but I think the value of mixed-case and punctuation in passwords is overrated. In terms of bang-for-buck, if you’re going to invest more keystrokes, it’s better to spend them typing longer passwords rather than hitting the shift key. For example, “xyag9p7wzo” takes the same number of keystrokes as “Wd&eq9%” but most people could probably type the first example faster, and it is more secure because it is almost 50% longer, less vulnerable to brute-force. I’ll grant you that if the attacker *knows* I never use the shift key, it would allow for a slightly more efficient brute-force algorithm.
Of course, all of the above only applies for passwords that must be physically typed. If I’m using a password manager that transmits the stored passwords for me, then I’ll use the maximum allowable range of characters with full cryptographic randomness, for example https://www.grc.com/passwords.htm
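The arithmetic behind the post’s five rules and the commenter’s length-versus-shift-key point, as an added example that is not part of the original post or of the comment above. It assumes the usual brute-force model (an attacker searches every character class the password uses, so strength is length times log2 of the alphabet size), a constructed six-word list standing in for a real cracking dictionary, and an assumed guess rate of ten billion per second; none of those values come from the post.

```python
import math
import string

# Character classes an attacker is assumed to search. If a password uses a
# class, the whole class counts toward the alphabet size. This is the plain
# brute-force model; it says nothing about dictionary or pattern attacks.
CHARACTER_CLASSES = {
    "lower": set(string.ascii_lowercase),   # 26
    "upper": set(string.ascii_uppercase),   # 26
    "digit": set(string.digits),            # 10
    "special": set(string.punctuation),     # 32
}

# Constructed, deliberately tiny word list standing in for a cracking
# dictionary; a real check would load a wordlist of millions of entries.
COMMON_WORDS = {"password", "letmein", "welcome", "apple", "money", "dragon"}


def classes_used(password):
    """Names of the character classes that occur in the password."""
    return {name for name, chars in CHARACTER_CLASSES.items()
            if any(c in chars for c in password)}


def charset_size(password):
    """Size of the alphabet an attacker must search under the class model."""
    return sum(len(CHARACTER_CLASSES[name]) for name in classes_used(password))


def entropy_bits(password):
    """Brute-force entropy: length * log2(alphabet size)."""
    size = charset_size(password)
    if not password or size == 0:
        return 0.0
    return len(password) * math.log2(size)


def brute_force_years(password, guesses_per_second=1e10):
    """Years to exhaust the whole keyspace at an assumed guess rate.

    The default of 1e10 guesses/s is an assumption for illustration, not a
    measured figure; a slow password-hashing function lowers it by orders of
    magnitude, a fast one raises it.
    """
    seconds = 2 ** entropy_bits(password) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def check_rules(password, min_length=10):
    """Apply the post's five rules; True means the rule is satisfied."""
    lowered = password.lower()
    used = classes_used(password)
    return {
        "more_characters": len(password) >= min_length,
        "no_dictionary_words": not any(w in lowered for w in COMMON_WORDS),
        "special_characters": "special" in used,
        "mixed_case": {"lower", "upper"} <= used,
        "numerals": "digit" in used,
    }


def compare(a, b):
    """Return whichever of two passwords is stronger under the entropy model."""
    return a if entropy_bits(a) >= entropy_bits(b) else b


if __name__ == "__main__":
    samples = ("xyag9p7wzo", "Wd&eq9%", "Apple2010!", "q8rz2vm4kp1xw7nt")
    for pw in samples:
        print(f"{pw!r}: {entropy_bits(pw):.1f} bits, "
              f"{brute_force_years(pw):.2e} years to exhaust, "
              f"rules={check_rules(pw)}")
    print("stronger of the commenter's pair:", compare("xyag9p7wzo", "Wd&eq9%"))
```

Running it reproduces the commenter’s claim: the ten-character lower-case-plus-digits password scores about 51.7 bits against roughly 45.9 bits for the seven-character mixed password, because three extra characters from a 36-symbol alphabet outweigh the larger alphabet of a shorter string. It also shows why rule 2 matters more than the entropy figure suggests: “Apple2010!” passes four of the five rules and scores well on paper, yet fails the dictionary check, and a real cracker tries dictionary words long before it brute-forces the keyspace.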