YourABA April 2012 Masthead

Security fundamentals: Passwords

Passwords are the first, and sometimes last, line of defense when it comes to protecting your valuable business and client data. Here are some simple rules to follow to ensure that your passwords are as strong as possible:

  • Avoid passwords that are shorter than eight characters. Some experts even recommend a minimum length of 15 characters. Why? Longer passwords are generally less vulnerable to brute-force attacks, where hackers randomly generate possible passwords in hopes of stumbling on the right combination of letters and characters.

  • Include a variety of character types, including upper and lower case letters, numbers and special characters (like &, % or @). A complex password is significantly more difficult to guess.

  • Do not use a single dictionary word or common phrase as your password. One of the most basic attacks involves cycling through dictionary words. Even common character substitutions (e.g. replacing “a” with “@” or “s” with “5”) may not be enough to protect you: more sophisticated attacks will include these variations as well.

  • Pass phrases, which combine multiple common but unrelated words, can be extremely secure. For example, you might take the last four street names you've lived on and add some punctuation: "Oak 12th Franklin Main!" That pass phrase is more than 15 characters, includes upper and lower case characters, numbers and special characters (both the spaces and the exclamation point), but it's considerably easier to remember than a gibberish password like “fe@3d?!ERc1#.”

  • Use different passwords for different services/devices. Hackers often target minimally secured sites to obtain a list of email addresses and passwords. They then take those credentials over to more secure websites, like web mail accounts or banking sites, and use them to access more valuable data. Using different passwords insulates you from that type of exploitation: even if a hacker gets one of your log-ins, they won’t automatically gain access to all of your accounts.

  • Be careful when setting your password reminders or security questions. In many cases, individuals’ accounts are compromised because their security questions can be answered with information that’s publicly accessible, like a former address or their mother’s maiden name. The attacker simply clicks the “forgot your password?” link, answers your security questions, and resets the password. Avoid this by choosing security questions that are less ordinary, or consider answering the security questions with memorable—but false—information.

  • Be careful where you log in. Another popular trick of fraudsters involves setting up fake log-in pages for popular sites like Facebook, Twitter and the various web mail services. The pages look authentic, but when you enter your information and click “login,” you’re actually compromising your account. To protect yourself, make a habit of looking at the URL whenever you log in—does the URL look legitimate? Does your browser show a secure connection, usually indicated by a closed lock icon? If you complete the login process and find you aren’t actually logged in, it may be a good idea to go to the real site and change your password.

  • Never write down your password in an unsecure location. The classic mistake is leaving your passwords on a sticky note pasted on your monitor, or, nearly as bad, leaving an unencrypted text document on your computer’s desktop that contains the passwords for all of your accounts. If you need help keeping track of your passwords, use a password management tool designed for that purpose like LastPass or KeePass.
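
The dictionary-word rule above, as an added example that is not part of the original article: a short Python check that undoes common character substitutions before comparing a password against a wordlist, alongside the article's length and character-variety rules. The sample wordlist, the substitutions beyond “@” and “5”, and the three-type threshold are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (assumption); a real check would load a large dictionary.
WORDLIST = {"password", "sunshine", "baseball", "lawyer", "welcome"}

# Common substitutions: "@" for "a" and "5" for "s" come from the article,
# the rest are assumed additions of the same kind.
SUBSTITUTIONS = str.maketrans(
    {"@": "a", "5": "s", "0": "o", "1": "l", "3": "e", "$": "s", "!": "i"}
)


def character_classes(password):
    """Count how many of the four character types the article lists appear."""
    return sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])


def is_disguised_dictionary_word(password):
    """True if the password is a single wordlist entry once substitutions are
    undone, with or without digits/punctuation tacked on at either end."""
    lowered = password.lower()
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    candidates = {lowered.translate(SUBSTITUTIONS), stripped.translate(SUBSTITUTIONS)}
    return any(candidate in WORDLIST for candidate in candidates)


def review_password(password, min_length=8):
    """Return the list of problems found; an empty list means every check passed."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if character_classes(password) < 3:  # threshold of 3 is an assumption
        problems.append("too few character types")
    if is_disguised_dictionary_word(password):
        problems.append("single dictionary word")
    return problems


if __name__ == "__main__":
    for sample in ["P@55w0rd", "Welcome1!", "Oak 12th Franklin Main!"]:
        print(repr(sample), review_password(sample) or "no problems found")
```

“P@55w0rd” satisfies the length and character-type rules yet is still flagged, which is the point of the substitution warning; the article's pass phrase passes all three checks.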
