Most people, legal professionals included, make up terrible passwords.
We know this because, after major breaches of big-name websites, the stolen password lists are often published. After one such breach, the three most common passwords turned out to be “123456,” “password,” and “12345678.”
It’s okay, though. It’s not as though lawyers are in possession of large quantities of sensitive and confidential data that’s just a password away from being accessed by any passing cyber criminal. Oh…
A strong password is, therefore, a critical first step in any effort to get data secure.
What makes a password strong?
A good, secure password is long, unique, not found in a dictionary, and contains a mixture of upper- and lower-case letters, numbers, and symbols.
- Long — For many years, six to eight characters was the standard advice. That is no longer good enough: cracking hardware can try billions of guesses per second against a weakly hashed password database. Security experts now recommend at least 12-14 characters, and length does more for you than any other single property, so longer is better.
- Unique — Never reuse a password across websites. The reason is obvious: a breach at one site that exposes your password lets attackers try the same e-mail and password combination everywhere else (a routine attack known as credential stuffing), and whatever that unlocks is your problem.
- Not found in the dictionary — Avoid real words and names, whether on their own or with a couple of digits tacked on. Running through every word in a dictionary, and every previously leaked password, is the first thing any cracking tool does, and it takes seconds.
- A mixture of letters, numbers, and symbols — Swapping letters for look-alike numbers and symbols (“L” for “1,” “O” for “0,” “A” for “@,” and so on) is the usual way people try to disguise a dictionary word. Be aware that cracking tools apply exactly these substitutions automatically, so “P@ssw0rd” is barely harder to guess than “password.” Mix numbers and symbols in at positions an attacker can’t predict, and rely on length rather than on substitutions.
Tricky, eh? A good way to meet all of the above is to make up a memorable, unusual sentence (“I am a 29-year old 7-foot tall giant metal monster,” for instance) and take the first letter of each word, keeping the numbers and punctuation: “Iaa29-yo7-ftgmm.” Invent your own sentence, though; now that this one is in print, it belongs in every cracker’s wordlist.
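To show how a cracking tool actually sees the four criteria above, here is a short added example; it is not code from the original article. It builds the first-letter passphrase the way the paragraph describes, then checks a candidate password the way a rule-based cracker would, by undoing the common letter-for-symbol substitutions and stripping appended digits before looking the result up in a wordlist. The function names (`acronym`, `cracker_variants`, `weaknesses`), the `LEET` table and the tiny `COMMON_WORDS` list are all constructed for this demonstration; a real cracker works from wordlists with hundreds of millions of entries.

```python
import re

# Constructed sample of common passwords for the demonstration only.
COMMON_WORDS = {"password", "123456", "12345678", "qwerty", "letmein",
                "welcome", "summer", "monkey", "dragon", "football"}

# Substitutions a cracker's rule engine reverses automatically ("leet speak").
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "7": "t"})


def acronym(sentence: str) -> str:
    """The article's method: first letter of each word, with numbers and
    punctuation kept exactly as they appear in the sentence."""
    tokens = re.findall(r"[A-Za-z]+|\d+|[^\sA-Za-z\d]", sentence)
    return "".join(t[0] if t.isalpha() else t for t in tokens)


def cracker_variants(candidate: str) -> set[str]:
    """Forms a rule-based cracker would try for one candidate: lower-cased,
    substitutions undone, trailing digits/symbols stripped, in both orders."""
    def strip(s: str) -> str:
        return re.sub(r"[\d\W_]+$", "", s)

    base = candidate.lower()
    return {base, base.translate(LEET), strip(base),
            strip(base).translate(LEET), strip(base.translate(LEET))}


def weaknesses(password: str, wordlist: set[str] = COMMON_WORDS) -> list[str]:
    """Check a password against the criteria from the attacker's side: length,
    dictionary membership after undoing substitutions, and character-class mix.
    Returns an empty list when the password passes all three."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if any(v in wordlist for v in cracker_variants(password)):
        problems.append("dictionary word, possibly with substitutions")
    classes = [re.search(p, password) is not None
               for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z\d]")]
    if sum(classes) < 3:
        problems.append("fewer than three character classes")
    return problems


if __name__ == "__main__":
    phrase = acronym("I am a 29-year old 7-foot tall giant metal monster.")
    for pw in ("P@ssw0rd123", "Summer2019!", phrase):
        print(f"{pw!r}: {weaknesses(pw) or 'no obvious weakness'}")
```

Note that “P@ssw0rd123” fails the dictionary check even though it contains all four character classes: the cracker strips the digits and undoes the substitutions before looking it up, which is the point of the caveat above.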
Multi-factor authentication is the single biggest upgrade you can make to any account that holds serious information (such as your practice management software), because a stolen or guessed password is then no longer enough on its own.
It works by combining something you know (your password) with something you have (usually your phone, running an authenticator app or receiving a one-time code). With it enabled, an attacker needs your password and access to your phone, or has to trick you into handing over the current code while it is still valid. Codes from an authenticator app or a hardware security key are preferable to codes sent by text message, which can be intercepted by an attacker who takes over your phone number.
Selfies may soon replace passwords, at least if the security gurus at Mastercard get their way. Biometrics that are unique to each individual, such as fingerprints, retinas, and facial dimensions, are an increasingly common way to unlock devices. For the time being, though, they are far from perfect: sensors can be fooled by copies, and unlike a password, a fingerprint cannot be changed once it has leaked. On most devices a biometric merely unlocks a stored password or key rather than replacing it. For genuine security, keep a strong password underneath.
The problem with long, unique, complicated passwords for every website you log into is that nobody can remember them all. The solution is a password manager such as KeePass, 1Password, or LastPass.
These tools store a separate password for every site and fill it in for you, all unlocked by a single master password. That master password, the one for the password manager itself, is the one you have to remember, so make it the strongest you have.
Okay, so I can hear you crying out: “But what if the password manager itself gets hacked?” It is a fair question, and it is not impossible.
However, not all hacks are equal. A well-designed manager encrypts your vault on your own device with a key derived from your master password, and the vendor never sees that password, so what a thief takes from a breach of the vendor is an encrypted blob. Cracking it means guessing the master password offline, one deliberately slow key derivation at a time. Provided your master password is long and not a dictionary phrase, the chance of your passwords being revealed is very low; a weak master password is the one thing such a breach does expose.
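To make the previous paragraph concrete, here is an added example (not code from the original article or from any of the products named above) of the two sides of a stolen vault: the key derivation a manager runs when you enrol, and the offline guessing loop an attacker runs against the stolen record. It uses PBKDF2-HMAC-SHA256 from Python's standard library; the `ITERATIONS` value is kept low so the demo runs quickly, whereas real products use hundreds of thousands of rounds or a memory-hard function such as Argon2 (check your own manager's settings). The `enrol`, `offline_attack` and `derive_vault_key` names and the `ATTACKER_GUESSES` list are constructed for this demonstration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Demo iteration count only; real managers use far more (see lead-in).
ITERATIONS = 50_000
KEY_CHECK_LABEL = b"vault-key-check"

# Constructed attacker wordlist: the kind of guesses a cracker tries first.
ATTACKER_GUESSES = ["123456", "password", "Summer2019!", "letmein", "qwerty", "P@ssw0rd"]


def derive_vault_key(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch the master password into a 256-bit vault key with PBKDF2-HMAC-SHA256.
    The salt is random per user, so attackers cannot precompute guesses."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations)


def key_check_value(key: bytes) -> bytes:
    """Lets a client confirm the master password without the vendor storing the key."""
    return hmac.new(key, KEY_CHECK_LABEL, hashlib.sha256).digest()


def enrol(master_password: str) -> dict:
    """What ends up on the vendor's server next to the encrypted vault: the salt,
    the iteration count and a key-check value. The master password never leaves
    the device, so a breach of the vendor yields only this record and ciphertext."""
    salt = os.urandom(16)
    key = derive_vault_key(master_password, salt)
    return {"salt": salt, "iterations": ITERATIONS, "kcv": key_check_value(key)}


def offline_attack(stolen: dict, guesses: list[str]) -> Optional[str]:
    """What an attacker holding the stolen record can do: run the same KDF on every
    guess and compare. Each guess costs the full `iterations` of HMAC work, which is
    the whole reason the derivation is slow."""
    for guess in guesses:
        key = derive_vault_key(guess, stolen["salt"], stolen["iterations"])
        if hmac.compare_digest(key_check_value(key), stolen["kcv"]):
            return guess
    return None


if __name__ == "__main__":
    for master in ("Summer2019!", "Iaa29-yo7-ftgmm."):
        record = enrol(master)
        found = offline_attack(record, ATTACKER_GUESSES)
        print(f"master {master!r}: attacker recovered {found!r}")
```

The slow key derivation buys time, not safety on its own: a master password that is in the attacker's wordlist falls after a handful of guesses regardless of the iteration count, while one built with the sentence method above forces the attacker through a search space no amount of hardware covers.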
Of course, another option is simply to write your passwords down and keep the paper somewhere secure. It sounds absurd, but Vox recently suggested that it might actually be one of the more secure ways to manage your passwords: a notebook in a locked drawer cannot be phished or stolen over the internet.
Just keep the bits of paper safe.