June 01, 2016

TAPAs: Building Strong Passwords to Protect Your Information

Jeffrey Allen and Ashley Hallene


As a society we have moved towards storing more and more information in the cloud and on our various electronic devices (including computers, cell phones, tablets, etc.). Everything we use to store information electronically can be secured. If you do not have password protection (or biometric protection) on each of your devices and for each of your online accounts, you make yourself a target for the bad guys and put your information at risk.


As lawyers we owe an ethical and legal obligation to our clients to protect their confidential communications. As people, we have our own confidential information that we want to protect. Failing to take action to protect that information can hurt us socially and economically as individuals and professionally as attorneys.

Simply setting a password provides some protection. To provide maximum protection, you need to carefully choose your passwords and keep them secure. This column will help you build and manage strong passwords to better secure your and your clients’ information.

TIP 1: Password protect all devices and accounts. The bad guys can access any device you fail to protect with a password. If they learn of an account that you have not password protected, they can also access it. If they access the device or the account or both, they get all the information you have stored there.

TIP 2: Longer is stronger. You should always opt for a longer password or passphrase. Consider eight characters an absolute minimum. Note that all the popular current device operating systems (iOS, Android, Windows, and Mac OS) allow passwords of at least eight characters. We are unaware of any online accounts that allow or require passwords that will not accommodate eight or more letters. In the past shorter passwords were acceptable. Now only eight (or more) is enough! The longer the password, the longer it will take password cracking algorithms to crack it.

TIP 3: Mix it up. Passwords/passphrases should not contain only letters or only numbers. The more you mix the characters, the harder the password will be to crack. Use combinations of letters, numbers, and symbolic characters to build strong passwords.

TIP 4: You need more than one case. Mix upper and lower case letters into your password/passphrase. An example of a strong password would be: #*193JaBbErWoK284?! (Note that it contains a total of 19 upper and lower case letters, numbers, and symbolic characters.)
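To put numbers on Tips 2 through 4, the following added example (not part of the original column) estimates how many candidates a blind brute-force search would have to cover for a given password, based on its length and the character classes it mixes. The function names and the guess rate of 10 billion guesses per second are assumptions chosen for illustration.

```python
import math
import string

# Character classes the column tells you to mix (Tips 3 and 4).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def classes_used(password):
    """Return the names of the character classes present in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]

def alphabet_size(password):
    """Size of the smallest alphabet (union of used classes) covering the password."""
    size = sum(len(CLASSES[name]) for name in classes_used(password))
    # Characters outside the four classes (spaces, non-ASCII) each count once.
    extra = {c for c in password if not any(c in s for s in CLASSES.values())}
    return size + len(extra)

def search_space_bits(password):
    """log2 of the number of candidates a blind brute-force search must cover.
    This is an upper bound: dictionary words and keyboard patterns fall much faster."""
    n = alphabet_size(password)
    return len(password) * math.log2(n) if n else 0.0

def years_to_exhaust(password, guesses_per_second=1e10):
    """Years to try every candidate at an assumed (hypothetical) guess rate."""
    seconds = 2 ** search_space_bits(password) / guesses_per_second
    return seconds / (365 * 24 * 3600)

if __name__ == "__main__":
    # Constructed samples: lowercase only, three classes, and the column's example.
    for pw in ["jabberwo", "Jabberw0", "#*193JaBbErWoK284?!"]:
        print(f"{pw!r:24} classes={classes_used(pw)} "
              f"bits={search_space_bits(pw):.1f} years={years_to_exhaust(pw):.3g}")
```

The estimate only holds for passwords an attacker cannot guess from a word list, so a long password built from a common phrase is weaker than its bit count suggests.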

TIP 5: Keep passwords secure. No matter how much time and effort you put into building strong passwords, they do you no good if you make them easily discoverable by (for example) writing them on a piece of paper and sticking it on a computer monitor in your office. Also, you should not use the same password to protect multiple devices or accounts that contain confidential information (yours or your clients’). While you should use different passwords for each account, if you have multiple accounts that require passwords but that will never contain any confidential information, it probably won’t hurt anything to have them share a password. That said, you should NEVER use the same password for multiple accounts that contain confidential information, because if the bad guys get the password, they have access to all the accounts, not just the one.

Never set your devices to automatically log you into secure accounts (those containing confidential information). If you do, and someone gets into the device, they have immediate access to all the accounts.

You can make your life easier by using password management software, such as 1Password or LastPass (among others). The password management programs generally will also help you choose a password, usually composing it of randomly generated numbers, letters, and symbols, making it very difficult to remember, unless you have an eidetic memory. Fortunately, password management programs will remember the passwords for you. A password management program offers a valuable tool to you, but it carries a certain amount of risk as well if you do not use the program carefully. Because the password management program has all your passwords, you need to ensure that the password you choose for access to the password database has a high level of security in its structure and its storage. This one you need to commit to memory, as you do the password for accessing the device on which you run the software. Since you only need to remember two passwords, you should have the ability to commit them to memory. As a precaution, however, we suggest you write them down and store them in a locked safe, or a safe deposit box, just in case you forget them. If some of this seems like overkill to you, just think about the consequences of having your identity stolen or your client’s confidential information compromised because you did not exercise appropriate caution.

Copyright 2016 Jeffrey Allen and Ashley Hallene. All rights reserved.


Jeffrey Allen and Ashley Hallene

Jeffrey Allen is the principal in the Graves & Allen law firm in Oakland, California, where he has practiced since 1973. He is active in the ABA (particularly in the GPSolo and Senior Lawyers Divisions), the California State Bar Association and the Alameda County Bar Association. A frequent speaker on technology topics, he is editor-in-chief of GPSolo Magazine and GPSolo Technology eReport. He serves as an editor and the technology columnist for Experience Magazine and has served on the Board of Editors of the ABA Journal. He also serves on the ABA’s Standing Committee on Information Technology. Recently, he coauthored (with Ashley Hallene) Technology Solutions for Today's Lawyer and iPad for Lawyers: The Tools You Need at Your Fingertips. In addition to being licensed as an attorney in California, he has been admitted as a Solicitor of the Supreme Court of England and Wales. He teaches at California State University of the East Bay. He may be reached at jallenlawtek@aol.com. You may also get technology information from his blog: jallenlawtekblog.com.

Ashley Hallene is a petroleum landman at Alta Mesa Holdings, LP, and practices Oil and Gas law, Title Examination, Due Diligence, Acquisitions and Oil and Gas Leasing in Houston, Texas. She maintains a diverse solo practice on the side. Ashley is the coauthor of the technology overview Making Technology Work for You (A Guide for Solo and Small Firm Attorneys) along with attorney Jeffrey Allen. She has published articles on legal technology in GPSolo Magazine, GPSolo eReport, and the TechnoLawyer Newsletter. Ashley is an active member of the American Bar Association’s General Practice Solo & Small Firm Division, ABA’s Young Lawyers Division, the Texas Young Lawyers Association, the Houston Young Lawyers Association, and the Houston Association of Petroleum Landmen. She frequently speaks in technology CLEs and is Deputy Editor-in-Chief of the Technology and Reviews Department of the GPSolo eReport.