Protecting Your Law Firm and Yourself: Password Security

Password Security: How to Make Secure Passwords and Use Password Managers

All around the world, news reports of data security breaches are becoming more and more common.  Law firms are a prime target for cyber-crooks.

In a recent American Bar Association study, more than 20% of firms overall reporting that they had been the subject of a data breach. 

In firms with 10-49 attorneys, this figure was 35% — meaning over a third of law firms of this size had been hacked.

In addition, and unlike many other kinds of businesses, attorneys are ethically required to safeguard client data.  

This article addresses some of things that lawyers and law firms can do to keep their data safe.  According to the recent Verizon Data Breach Investigations Report, roughly “81% of hacking-related breaches leveraged either stolen and/or weak passwords.”  Therefore, this article will focus on password security in particular.

Password Managers

Are you reusing the same password across many different sites? Reusing the same password can make remembering your passwords more manageable, although it could also put you at risk. 

Cybersecurity researchers at Virginia Tech recently found that more than half of users reuse the same password across many sites without knowing how dangerous it could be. A single data breach on a vulnerable website is all an attacker would need to gain access to all your accounts, giving them access to crucial information. Information related to your firm and or your personal life. 

Today there are many applications that manage your passwords for you. Apps like 1Password and Apple’s Keychain store all of your passwords on a secure server giving you the luxury of only needing one “Master Password” to access all of your accounts securely. 

There are basic password managers, and there are more sophisticated versions. The basic password managers work with a single computer, encrypting the passwords onto your hard drive, while the more sophisticated versions (Keychain, 1Passsword) let you access your passwords between multiple devices. 

For example, you can save your password on your iPhone, then later access that same account login on your iPad or MacBook. When you initially sign up for a password manager, remember to create a strong, yet memorable password. 

Passwords should be long, complex, and unique. “Even if you have an ‘unimportant’ password and an ‘important’ password tier, it’s very unsafe,” says Joe Siegrist, VP, and GM of popular password manager LastPass.

Here are some tips to remember when creating a secure password:

  •   Attempt to make password 12 characters or more
  •   Keep personal information that is easy to guess out; names, dates, pets, etc.
  •   Use symbols, numbers, in addition to letters
  •   Include both uppercase and lowercase letters
  •   Do not reuse passwords

A main feature that comes with password managers is the Password Generation Tool.  Make sure to take advantage of this tool, as it will create you a strong password (for example, “VhH3# =xwQLE?atG”). Most of the password managers will allow you to pick the length, the number of characters included, and the complexity of your new password. 

When creating a new account on a website or application, make sure you name the new entry after the site and add the username to your manager for easy and secure access. 

Even More Protection

There are a few more methods one can take to protect their information even further. The first is known as two-factor authentication (2FA) or multi-factor authentication (MFA). 

Two-factor authentication or “2FA” is an extra authentication step above and beyond a password that will give you even more security.  Multi-factor authentication uses more than just one extra authentication step.

“Factors” refer to the forms of verification needed to access your accounts.  The first “factor” is the password. The second and possibly additional forms of verification are typically codes sent your cellular phone via SMS or codes sent by email. 

With most two-factor authentication systems, when logging in, you will be required to enter your password, followed by the unique code that has been sent to your phone or email address. These codes usually only last for 15 minutes before and change at every use. Even if your password is compromised in a breach, a hacker would need access to your phone or email address in order to gain access. 

If an app offers two-factor or multi-factor authentication, you should strongly consider using it.

Finally, the most secure form of security would be biometric authentication. This form of protection allows you to use your unique physical characteristics to log into your accounts.

These unique personal characteristics could be fingerprints, facial recognition, and or retina scans to log in.

We already see this in newer Apple products and many business laptops. 

Using multi-factor and biometric authentication makes it nearly impossible for hackers to gain access to your information without your permission.

Going Forward

It is imperative to know how to protect your information online. Remember the tips above next time you are creating or changing your passwords. 

Not only can a password manager keep your accounts secure, but they also help organize and differentiate each and every account. In addition, keep in mind that enabling 2FA and or biometric authentication on your accounts could be the one thing that saves your information from being compromised. 

If you think your account information has already been compromised, or if you want to make sure you are safe, keep in mind that you can use websites such as the HPI’s one or haveibeenpwned.com to see if your personal information such as email addresses and passwords are anywhere on the web.

The article was first published in Evolve The Law on 9/4/2019.