Learn more about technology with these ABA member benefits
Security fundamentals: Passwords Passwords are the first, and sometimes last, line of defense when it comes to protecting your valuable business and client data. Here are some simple rules to follow to ensure that your passwords are as strong as possible: - Avoid passwords that are shorter than eight characters. Some experts even recommend a minimum length of 15 characters. Why? Longer passwords are generally less vulnerable to brute-force attacks, where hackers randomly generate possible passwords in hopes of stumbling on the right combination of letters and characters.
- Include a variety of character types, including upper and lower case letters, numbers and special characters (like &, % or @). A complex password is significantly more difficult to guess.
- Do not use a single dictionary word or common phrase as your password. One of the most basic attacks involves cycling through dictionary words. Even common character substitutions (e.g. replacing “a” with “@” or “s” with “5”) may not be enough to protect you: more sophisticated attacks will include these variations as well.
- Pass phrases, which combine multiple common but unrelated words, can be extremely secure. For example, you might take the last four street names you've lived on and add some punctuation: "Oak 12th Franklin Main!" That pass phrase is more than 15 characters, includes upper and lower case characters, numbers and special characters (both the spaces and the exclamation point), but it's considerably easier to remember than a gibberish password like “fe@3d?!ERc1#.”
- Use different passwords for different services/devices. Hackers often target minimally secured sites to obtain a list of email addresses and passwords. They then take those credentials over to more secure websites, like web mail accounts or banking sites, and use them to access more valuable data. Using different passwords insulates you from that type of exploitation: even if a hacker gets one of your log-ins, they won’t automatically gain access to all of your accounts.
Back to top - Be careful when setting your password reminders or security questions. In many cases, individuals’ accounts are compromised because their security questions can be answered with information that’s publicly accessible, like a former address or their mother’s maiden name. The attacker simply clicks the “forgot your password?” link, answers your security questions, and resets the password. Avoid this by choosing security questions that are less ordinary, or consider answering the security questions with memorable—but false—information.
- Be careful where you log in. Another popular trick of fraudsters involves setting up fake log-in pages for popular sites like Facebook, Twitter and the various web mail services. The pages look authentic, but when you enter your information and click “login,” you’re actually compromising your account. To protect yourself, make a habit of looking at the URL whenever you login—does the URL look legitimate? Does your browser show a secure connection, usually indicated by a closed lock icon? If you complete the login process and find you aren’t actually logged in, it may be a good idea to go to the real site and change your password.
Never write down your password in an unsecure location. The classic mistake isleaving your passwords on a sticky note pasted on your monitor , or, nearly as bad, leaving an unencrypted text document on your computer’s desktop that contains the passwords for all of your accounts. If you need help keeping track of your passwords, use a password management tool designed for that purpose like LastPass or KeePass. Back to top | | EYE ON ETHICS Lawyers marketing legal services on group-coupon websites TECHNOLOGY TRANSLATORS Eight tips on creating and maintaining secure passwords FIRST FOCUS Avoiding extinction: Are you prepared for the future of law practice? AROUND THE ABA Advice on managing online reputation issues Six tips on reducing the cost of e-discovery Five reasons for employee turnover and strategies for overcoming them Lessons from recent merger challenges Financing a law practice: lawsuit funding, business incubators, more Tips on public speaking in and out of court Creating effective special needs trusts Young lawyers: Tips on getting noticed, making a positive impression ABA supports legislation for one standard for prosecutor disclosure of evidence favorable to defendants MEMBERSHIP Make Your “Likes” Count Sweepstakes! MEMBER ADVANTAGE New savings! Ricoh Americas joins ABA Member Advantage |
