
5 Password Best Practices for Law Firms

In their day-to-day work, lawyers use lots of passwords. From computers to client files to online services, there's no shortage of login credentials to keep track of.

To save time and effort, people often take shortcuts, leaving sensitive personal information at risk of being compromised. Thankfully, there are easy ways to ensure that your passwords protect your information like they're supposed to. I've put together five best practices law firms can observe to safely create, save, and manage passwords.

1. Store passwords securely

Many people use a notebook to track their user names and passwords, creating a number of risks. First, if the notebook is lost, so too are all of those passwords, and anyone who finds the notebook may be able to access the listed accounts. Second, physical notebooks can only be accessed in one location, making it challenging if you're moving from one work location to another. Finally, it creates an unnecessary security risk.

Instead, you can use a secure password manager like LastPass. Programs like these save all of your user names and passwords in a safe location accessible with one master password. They make logging in fast and simple, and can also generate strong passwords for you to use.

Importantly, you can share access with a team member without having to actually share the password itself.

2. Create passphrases, not passwords

Cracking a password is a numbers game. For example, it takes under a second for a computer to crack a one-word, nine-character password like "briefcase". However, using a phrase instead of a single word greatly increases security. A memorable yet more secure passphrase like "packingabriefcase17973" would take thousands of years to crack.

If you'd like to see how long it would take for different passwords and passphrases to be cracked, check out this helpful website. We also encourage you to use tools like this site to check whether any of your accounts has a compromised password.
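As an added illustration (not part of the original article), the Python code below counts how many guesses the two sample passwords above would cost an attacker who tries dictionary words and digit runs before falling back to brute force. It reports guess counts rather than times, since the time depends on the attacker's hardware. The word list, its assumed size of 100,000 entries, and all function names are assumptions made for this example.

```python
import string

# Assumption for illustration (not from the article): the attacker's word list size.
DICTIONARY_SIZE = 100_000
# Tiny constructed stand-in for that word list, enough to segment the two samples.
WORDS = {"brief", "case", "briefcase", "packing"}


def charset_size(pw: str) -> int:
    """Number of symbols a blind brute-force attack has to try per position."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    size = sum(len(cls) for cls in classes if any(c in cls for c in pw))
    if any(c not in string.ascii_letters + string.digits for c in pw):
        size += len(string.punctuation)
    return size


def brute_force_guesses(pw: str) -> int:
    """Every string of this length over the character classes actually used."""
    return charset_size(pw) ** len(pw)


def pattern_guesses(pw: str) -> int:
    """Cheapest split of pw into dictionary words, digit runs and single characters."""
    best = [1]  # best[i] = fewest guesses that cover pw[:i]
    for end in range(1, len(pw) + 1):
        options = []
        for start in range(end):
            chunk = pw[start:end]
            if chunk.lower() in WORDS:
                cost = DICTIONARY_SIZE        # one pick from the word list
            elif chunk.isdigit():
                cost = 10 ** len(chunk)       # every number with that many digits
            elif len(chunk) == 1:
                cost = charset_size(pw)       # a character no pattern explains
            else:
                continue
            options.append(best[start] * cost)
        best.append(min(options))
    return best[-1]


def estimate(pw: str) -> int:
    """The attacker uses whichever model is cheaper."""
    return min(brute_force_guesses(pw), pattern_guesses(pw))


if __name__ == "__main__":
    for sample in ("briefcase", "packingabriefcase17973"):
        print(f"{sample}: about {estimate(sample):.1e} guesses")
```

The single word costs one pick from the word list no matter how long it is, while each extra word or digit run in the passphrase multiplies the total.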

3. Don't reuse passwords

A 2019 Google survey found that 65% of people use the same password in multiple places. While the convenience of using the same password for multiple services is tempting, it's far outweighed by the security risks.

You're only as protected as the least protected website you create an account on. If user names and passwords are compromised in just one place, almost all other services that use those same credentials are vulnerable.

If you're having trouble coming up with new passwords, there are a number of services that generate highly secure passwords for you.

4. Opt in to two-factor authentication

Two-factor authentication is a process that requires two or more pieces of pre-determined evidence be provided in order for a user to access an account or service.

You've most likely encountered it when creating different sorts of accounts online. As a refresher, here's how it works:

  • A user successfully enters their password online.
  • A code is then sent to another location/device, usually a phone.
  • The user then enters that code, granting them access.


With this protection, even if someone has your user name and password, they'd also need your phone and its credentials. However, two-factor authentication is not an excuse to set weak passwords or reuse them. Think of it as an additional last line of defence against malicious actors.

We offer two-factor authentication to NoticeConnect users and I encourage you to set it up!

5. Never share your password

Your password should be yours, and only yours. No matter how convenient it may seem, sharing it with someone else puts your information at unnecessary risk. This is especially true when it comes to digital communications like email. The shared password will live on in a message long after you forget about it.

Instead, focus on ensuring that everyone who needs access to digital programs has access to them.

A little work goes a long way

Following these password best practices may seem like a lot of work. But the work required to recover compromised accounts and deal with stolen information is far, far greater. So, take a little bit of time today and ensure that your information remains secure down the road.