February 26, 2023

Ask Techie: How Can I Improve the Security of My Passwords?

Welcome to the latest installment of our monthly Q&A column, where a panel of experts answers your questions about using technology in your law practice.

This month we answer readers' questions about how to improve the security of your passwords and what exactly ChatGPT is.

Q: How Can I Improve the Security of My Passwords?

A: In today’s digital age, you have to protect your online accounts. Every week criminals hack into another company and steal information. In January 2023 PayPal suffered a well-publicized data breach.

You can sharply reduce your risks, but you’ll have to contend with Password Enemy #1.

Password Enemy #1

Short, eight-character passwords are Password Enemy #1.

If you follow the old wisdom on passwords, you risk having your accounts breached, your privacy invaded, and, worse yet, your identity stolen.

  • Old Password Wisdom: Use eight characters, including upper- and lowercase letters, a number, and a symbol.
  • New Password Wisdom: Eight characters are not enough!

You would be amazed at the ingenuity, persistence, and power of password crackers. They figure out the “clever” systems many of us devise for creating passwords that follow the password rules and that we can remember.

Unfortunately, the hackers are onto our little tricks. They know our substitutions, such as @ for a and $ for s, and much more. They develop pattern recognition code and enormous password libraries to crack most eight-character passwords in seconds.

12-Character Passwords Are Game-Changers

The difference between eight and 12 characters may seem small. To a thief, it makes all the difference.

Hackers are using botnets of millions of compromised personal computers to break passwords. They don’t need supercomputers to have supercomputer powers.

A 12-character password neutralizes the thieves’ supercomputer powers. With a mix of upper- and lowercase letters, numbers, and symbols, you can have up to 95^12 or 6.6 x 10^17 possible combinations. This is an astronomical number. Even if we “cheat” and don’t create truly random 12-character passwords, we can still foil the hackers.

Thieves don’t bother running their diabolical password crackers long enough on a single, strong, 12-character password. It would take many years to crack, even if not totally random.

New Password Rules

You can make your passwords strong enough by following these rules:

  1. Generate two or three words from a large word list, such as the 4 Letter Word Generator from Cool Generator.
  2. Break up each word with a symbol.
  3. Capitalize a letter and insert two numbers, but not at the beginning or end.

It is important to use a random word generator. Words that you dream up, especially if they relate to each other, are far more likely to be tried by a hacker’s program.

Here is an example of a good 12-character password created in this fashion:

  • aq,ua62Daz.e

This password doesn’t fit known patterns and isn’t made of any whole words.

How long would it take to crack it? Running 632 billion passwords per second, it would take eight million years!

To speed up your process of replacing passwords, create a list of good ones and then log into a number of your accounts to update their passwords. You don’t have to do all your accounts at once. Pace yourself.

How are you going to keep track of all your new, good passwords? With a password manager. But that is a topic for another Q&A. Stay tuned to Ask Techie for advice on password managers.

(Spoiler: Bitwarden is free, secure, and highly recommended by experts.)

Techie: Wells H. Anderson, JD, GPSolo eReport Contributing Technology Editor and CEO of SecureMyFirm, 952/922-1120, www.securemyfirm.com—we protect small firms from cyber threats with affordable, multiple layers of defense.
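
The three New Password Rules from the answer above as a runnable sketch, added here as an example and not code from the article or its author. The word list and symbol set are constructed samples, and `generate`, `follows_rules` and `scheme_bits` are hypothetical names; every random choice comes from the operating system's CSPRNG, and `scheme_bits` bounds how many passwords the procedure can produce for a given word-list size.

```python
import math
import secrets

# Constructed sample list; a real run should load thousands of words from a file.
WORDS = ["aqua", "daze", "firm", "jolt", "knob", "lynx", "mock", "pave",
         "quip", "rusk", "silo", "tusk", "vamp", "wisp", "yolk", "zinc"]
SYMBOLS = ",.!?-_+=#%&*"  # assumed symbol set (12 symbols)

def break_word(word):
    """Rule 2: put one random symbol at an interior position of the word."""
    pos = 1 + secrets.randbelow(len(word) - 1)
    return word[:pos] + secrets.choice(SYMBOLS) + word[pos:]

def generate(words=WORDS, n_words=2):
    """Rules 1-3, with every choice drawn from the OS CSPRNG via `secrets`."""
    chars = list("".join(break_word(secrets.choice(words)) for _ in range(n_words)))
    letters = [i for i, c in enumerate(chars) if c.isalpha()]
    i = secrets.choice(letters)
    chars[i] = chars[i].upper()                  # Rule 3: capitalize one letter
    pos = 1 + secrets.randbelow(len(chars) - 1)  # interior only, never the ends
    digits = f"{secrets.randbelow(100):02d}"     # Rule 3: two numbers
    return "".join(chars[:pos]) + digits + "".join(chars[pos:])

def follows_rules(pw, words=WORDS):
    """Check a candidate: 12+ chars, mixed classes, clean ends, no whole word."""
    low = pw.lower()
    return (len(pw) >= 12
            and any(c.isupper() for c in pw)
            and sum(c.isdigit() for c in pw) >= 2
            and any(c in SYMBOLS for c in pw)
            and not pw[0].isdigit() and not pw[-1].isdigit()
            and not any(w in low for w in words))

def scheme_bits(list_size, n_words=2, word_len=4):
    """Upper bound, in bits, on the number of choices the generator makes."""
    per_word = list_size * (word_len - 1) * len(SYMBOLS)  # word, gap, symbol
    joined = n_words * (word_len + 1)                     # length before digits
    total = per_word ** n_words * (n_words * word_len) * (joined - 1) * 100
    return math.log2(total)

if __name__ == "__main__":
    pw = generate()
    print(pw, follows_rules(pw), round(scheme_bits(len(WORDS)), 1))
```

Because the words come from a list, the list size and the number of words drive the result of `scheme_bits`, which is why the answer asks for a large list and a random generator.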

Q: What Exactly Is This ChatGPT That I Keep Reading About?

A: ChatGPT is an open-source artificial intelligence program from OpenAI. It was released in November 2022 and since then has been tested against a bar exam. It nearly passed the multiple-choice portion of the exam and managed to earn a passing grade on law school essays. It can write and debug code. ChatGPT can write in multiple languages, including JavaScript and Python. It can also serve as a launchpad for blog writing and many other uses. Some users have indicated in their feedback that they consider the AI’s responses to be politically biased, offensive, or otherwise objectionable. This poses an interesting question: How should an AI system “behave,” and who should decide? OpenAI has attempted to be transparent in their process in one of their blog posts.

ChatGPT is ultimately integrating with Microsoft Bing. In response, Google is launching Google Bard, an AI program to rival ChatGPT.

The battle for AI domination is in full swing.

Techie: Ashley Hallene, JD, GPSolo eReport Editor-in-Chief ([email protected]).

What’s YOUR question?

If you have a technology question, please forward it to Managing Editor Rob Salkin ([email protected]) at your earliest convenience. Our response team selects the questions for response and publication. Our regular response team includes Jeffrey Allen, Wells H. Anderson, Jordan L. Couch, Ashley Hallene, Al Harrison, and Patrick Palace. We publish submitted questions anonymously, just in case you do not want someone else to know you asked the question.

Please send in your questions today!

The material in all ABA publications is copyrighted and may be reprinted by permission only. Request reprint permission here.

Published in GPSolo eReport, Volume 12, Number 7, February 2023. © 2023 by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association. The views expressed in this article are those of the author(s) and do not necessarily reflect the positions or policies of the American Bar Association or the Solo, Small Firm and General Practice Division.