As lawyers we owe an ethical and legal obligation to our clients to protect their confidential communications. As people, we have our own confidential information that we want to protect. Failing to take action to protect that information can hurt us socially and economically as individuals and professionally as attorneys.
Simply setting a password provides some protection. To provide maximum protection, you need to carefully choose your passwords and keep them secure. This column will help you build and manage strong passwords to better secure your and your clients’ information.
TIP 1: Password protect all devices and accounts. The bad guys can access any device you fail to protect with a password. If they learn of an account that you have not password protected, they can also access it. If they access the device or the account or both, they get all the information you have stored there.
TIP 2: Longer is stronger. You should always opt for a longer password or passphrase. Consider eight characters an absolute minimum. Note that all the popular current device operating systems (iOS, Android, Windows, and Mac OS) allow passwords of at least eight characters. We are unaware of any online accounts that will not accommodate passwords of eight or more letters. In the past, shorter passwords were acceptable. Now you need eight (or more)! The longer the password, the longer it will take password-cracking algorithms to crack it.
TIP 3: Mix it up. Passwords/passphrases should not contain only letters or only numbers. The more you mix the characters, the harder the password will be to crack. Use combinations of letters, numbers, and symbolic characters to build strong passwords.
TIP 4: You need more than one case. Mix upper and lower case letters into your password/passphrase. An example of a strong password would be: #*193JaBbErWoK284?! (Note that it contains a total of 19 upper and lower case letters, numbers, and symbolic characters.)
TIP 5: Keep passwords secure. No matter how much time and effort you put into building strong passwords, they do you no good if you make them easily discoverable by (for example) writing them on a piece of paper and sticking it on a computer monitor in your office. Also, you should not use the same password to protect multiple devices or accounts that contain confidential information (yours or your clients’). While you should use different passwords for each account, if you have multiple accounts that require passwords but that will never contain any confidential information, it probably won’t hurt anything to have them share a password. That said, you should NEVER use the same password for multiple accounts that contain confidential information, because if the bad guys get the password, they have access to all the accounts, not just the one.
Never set your devices to automatically log you into secure accounts (those containing confidential information). If you do, and someone gets into the device, they have immediate access to all the accounts.
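The checks in Tips 1 through 5 can be run over a list of accounts. The following is an added example, not part of the original column: the account names and all passwords except the column's own sample are constructed, and the strength estimate assumes ASCII passwords and an attacker who tries every combination of the character classes used.

```python
import math
import string
from collections import defaultdict

# ASCII character classes; the pool an attacker must search is the union of those used.
POOLS = {"lower": string.ascii_lowercase, "upper": string.ascii_uppercase,
         "digit": string.digits, "symbol": string.punctuation}

def classes_used(pw):
    return {name for name, pool in POOLS.items() if any(c in pool for c in pw)}

def search_space_bits(pw):
    """log2 of the brute-force search space: length * log2(pool size)."""
    pool = sum(len(POOLS[name]) for name in classes_used(pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def audit(accounts):
    """accounts: (name, holds_confidential_info, password) tuples -> {name: [findings]}."""
    findings, confidential_by_pw = defaultdict(list), defaultdict(list)
    for name, confidential, pw in accounts:
        if not pw:
            findings[name].append("Tip 1: no password set")
            continue
        used = classes_used(pw)
        if len(pw) < 8:
            findings[name].append("Tip 2: shorter than eight characters")
        if not (used & {"lower", "upper"} and {"digit", "symbol"} <= used):
            findings[name].append("Tip 3: does not mix letters, numbers and symbols")
        if not {"lower", "upper"} <= used:
            findings[name].append("Tip 4: does not mix upper and lower case")
        if confidential:
            confidential_by_pw[pw].append(name)
    for names in confidential_by_pw.values():
        if len(names) > 1:  # Tip 5 targets reuse across confidential accounts
            for name in names:
                findings[name].append("Tip 5: password shared with " +
                                      ", ".join(n for n in names if n != name))
    return dict(findings)

# Constructed inventory; only the first password is the column's own example.
ACCOUNTS = [("client-portal", True, "#*193JaBbErWoK284?!"),
            ("firm-email", True, "Summer2016"), ("bank", True, "Summer2016"),
            ("newsletter", False, "password"), ("forum", False, "password"),
            ("old-tablet", True, "")]

if __name__ == "__main__":
    report = audit(ACCOUNTS)
    for name, _, pw in ACCOUNTS:
        print(f"{name:14} {search_space_bits(pw):6.1f} bits  {report.get(name, ['ok'])}")
```

The 19-character sample from Tip 4 comes out at roughly 124.5 bits of search space, against about 37.6 bits for an eight-letter lowercase word, which is the gap Tips 2 through 4 describe.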
You can make your life easier by using password management software, such as 1Password or LastPass (among others). The password management programs generally will also help you choose a password, usually composing it of randomly generated numbers, letters, and symbols, making it very difficult to remember, unless you have an eidetic memory. Fortunately, password management programs will remember the passwords for you. A password management program offers a valuable tool to you, but it carries a certain amount of risk as well if you do not use the program carefully. Because the password management program has all your passwords, you need to ensure that the password you choose for access to the password database has a high level of security in its structure and its storage. This one you need to commit to memory, as you do the password for accessing the device on which you run the software. Since you only need to remember two passwords, you should have the ability to commit them to memory. As a precaution, however, we suggest you write them down and store them in a locked safe, or a safe deposit box, just in case you forget them. If some of this seems like overkill to you, just think about the consequences of having your identity stolen or your client’s confidential information compromised because you did not exercise appropriate caution.
Copyright 2016 Jeffrey Allen and Ashley Hallene. All rights reserved.