Ships - your set up in the "standard" way - a simple username/pw to access. The standard isn't always the best option though, obviously. What it looks like is that your router already has what is called a "port forward" for the static IP of the camera. This means that if I hit your external IP address of the port used for web surfing (HTTP: port 80) than the router auto forwards the packets to the IP camera, which then asks for the authentication.
Other than a significantly strong password, there are 2 steps you can take. The first is to configure the camera so that it doesn't use port 80. Use a random port that isn't a common use one.
(Common use port list can be found here:
http://www.iana.org/assignments/port-numbers )
I would say use something between between 50,000 and 51,000. Just pick one. Then set the camera to use that port (should be in the config of the camera itself) - and then set your router to forward requests on that port to the IP camera. Once you do this - if someone punches in the IP only - they won't see your camera. They have to use XXX.XXX.XXX.XXX:port number - and the majority of script kiddies won't even go that far. This way, only people you give the port number to are likely to be able to even SEE your device as being there, must less authenticate to it.
Lastly, its a question of if you have a set group you want to allow access to. If so, then in your router, you define those folks as able to request data from outside - usually via IP. Though it can be spoofed, its another layer. The problem is that if the people you want to share with are not on static IP's - you will struggle keeping the access list up to date.
Hope that helps some.