Lawyers: Change Your Password. Now. Seriously. Do it. - Technologist
Technologist - The FindLaw Legal Technology Blog

Lawyers make up terrible passwords. You know, like “password.” Or “12345!”

But it’s not as though we have lots of confidential, important information trapped in the hardware or software or clouds that we’re password protecting.

Oh wait, we do.

At the FindLaw In House blog, we recently explained that people should change their passwords every 90 days, and select “strong passwords.” A strong password contains numbers, letters, and special characters (e.g., !@#$%^&).

A strong password is considered strong because of the number of possible combinations based on the available characters on a computer. George Washington University calculates that a strong password offers 7.2 quadrillion combinations.

But that may not be enough this year.

Deloitte is predicting that more than 90 percent of user-generated passwords — even those considered strong by IT departments — will be vulnerable to hacking this year. The consulting giant explains:

For years a password that was at least eight characters long and included mixed-case letters, at least one number, and one non-alphanumeric symbol was considered relatively strong. Although not perfectly secure, such a password was considered good enough for even relatively high-value transactions such as banking and e-commerce … However, a number of factors, related to human behavior and changes in technology, have combined to render the “strong” password vulnerable.

So what should you do instead?

Deloitte suggests “multi-factor authentication” with additional factors like “a password sent to a user’s registered cell phone, a dongle that plugs into a USB slot, or a biometric feature such as a fingerprint or iris scan.”

That sounds a little too Mission: Impossible for the average law firm.

Most lawyers have some kind of privileged information or work product on their computers, but they don’t have access to state secrets and nuclear launch codes. While you may not need to secure your laptop with biometric safeguards, at least consider the multi-quadrillion-combo protection of a strong password.

And please, don’t post your password on a sticky note at your desk.
