Trial Magazine
Tech Brief
Locking Down Internet Security
October 2017
While many lawyers assume that their accounts and passwords will never be hacked, the numbers tell a different story: In 2016 alone, more than 3 billion passwords were stolen in hacks or data breaches,[1] and three out of seven people worldwide have had a password stolen.[2] Using complex passwords for any website containing client or other confidential information is the easiest way to prevent a damaging data breach.
But even a highly conscientious computer user may have difficulty coming up with a password that can withstand “brute forcing,” a hacking technique that uses software and high-speed computers to rapidly generate and try random passwords until one works. To help fend off brute forcing and other cybersecurity threats, lawyers and law firms should use passwords that:
- are at least 12 characters long.
- use at least three of the following: uppercase letters, lowercase letters, numbers, and special characters (e.g., @, !, $, or %).
- are changed every 120 days.
- are unique for every website.
Consider using a program that can generate complex passwords unique to every website you visit. These “password managers” also store your passwords securely so you can access them from all your computers and devices—as long as you remember the master password to open the program.
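The length and character-class rules listed above, and the kind of random generation a password manager performs, shown as an added Python example (not from the article or from any product it names). The special-character set and the 16-character default are assumptions; the article names only @, !, $, and % as examples.

```python
import math
import secrets
import string

# Character classes from the article's rule list. The special-character set
# is an assumption: the article gives only @, !, $ and % as examples.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": "@!$%",
}
MIN_LENGTH = 12   # "at least 12 characters long"
MIN_CLASSES = 3   # "at least three of the following"


def classes_used(password):
    """Return the names of the character classes present in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def meets_policy(password):
    """Check the length and class rules (rotation and reuse are not checked)."""
    return (len(password) >= MIN_LENGTH
            and len(classes_used(password)) >= MIN_CLASSES)


def search_space_bits(password):
    """Bits of brute-force work if each character were drawn at random from
    the classes used. Human-chosen passwords are weaker than this bound."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def generate(length=16):
    """Draw from the OS CSPRNG, retrying until the policy is met."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("Summer2017", "summerholiday", generate()):  # constructed samples
        print(f"{pw!r}: ok={meets_policy(pw)} bits={search_space_bits(pw):.1f}")
```

The two constructed samples fail for different reasons: one is too short and the other uses a single character class.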
Because there are many computer and mobile operating systems, make sure the program you choose is compatible with all of your devices. The following programs will work on your PC and Mac, as well as on your Android or iPhone in a secure, encrypted environment.
Every password manager has different strengths and weaknesses. Some may not work as smoothly on your mobile device, while others may use an interface that you don’t care for. Test-drive a couple of programs before deciding which one best fits your needs.
Dashlane (dashlane.com). Dashlane generates and saves new passwords. It also stores logins, credit card numbers, and other personal information—and will autofill the information on websites. Dashlane’s interface displays the logo of each website for which you’ve saved a password, making it easier to find the right one.
Keeper (keepersecurity.com). Keeper generates and stores passwords, and its interface has login buttons to websites at the top of the screen, making it easier to enter information. Its “Vault to Vault” feature allows you to share information with others.
LastPass (lastpass.com). LastPass, one of the oldest and most popular password managers, has an easy-to-use interface for creating, saving, and retrieving passwords. It also encrypts data on the user’s local computer or device and within the program’s master vault.
MSecure (msecure.com). MSecure is highly customizable and stores passwords in folders, making them easier to locate. It also has a password generator that can be tailored to comply with a website’s specific password requirements.
RoboForm (roboform.com). With more features than similar programs offer, RoboForm allows users to automatically log in to accounts, has its own mobile browser that eliminates the need to go back and forth from the password manager to another browser, and has autofill and auto-login features for selected sites.[3]
These programs are only as strong as the passwords you use. By following a few simple rules, you can protect your clients and your practice.
Daniel J. Siegel is the president of Integrated Technology Services and the principal of the Law Offices of Daniel J. Siegel in Havertown, Pa. He can be reached at trial@techlawyergy.com. The views expressed in this article are the author’s and do not constitute an endorsement of any product or service by Trial or AAJ.
Notes
1. Steve Morgan & Joseph Carson, The World Will Need to Protect 300 Billion Passwords by 2020, Thycotic (Jan. 31, 2017), https://tinyurl.com/y7s39y78.
2. Id.
3. Other available password programs include 1Password (1password.com) and KeePass (keepass.info).