Law Firm Security Step 2: Strengthen Your Passwords
Your network, PC, email, and many applications have one critical element in common: they are only as secure as the passwords you created for them. Security researchers have consistently found (and data dumps from breaches have documented) that a majority of people re-use the same password for many, if not most, applications. A single insecure website that exposes your password in a data breach could be all an attacker needs to gain access to many accounts critical to your practice and/or your personal life.
How can you protect yourself? Start with a trusted password manager application, such as 1Password or Keychain on Mac OS. A password manager provides a secure way to store and find all your passwords and only requires you to remember a master passphrase to gain access. Basic password managers work with a single computer, encrypting passwords on your hard drive; more sophisticated versions allow you to securely share your passwords between multiple computers and devices, including mobile phones and tablets.
When you first set up your password manager, you will need to choose a strong but memorable passphrase. A passphrase is basically a stronger, more complicated password. Strong passphrases have the following characteristics:
● Contain both upper and lowercase letters
● Have digits and punctuation symbols as well as letters
● Contain at least 12 or more letters, numbers, or symbols (the longer the better)
● Are not a word in any language, slang, dialect, or jargon
● Are not based on any personal information such as names of family or pets, or important dates
As you create new accounts for sites you visit or applications you use, add a new entry in your password manager. Name the entry after the site, include your username, and use the password manager to generate a password. Most will let you choose the length and complexity of the password to meet any rules imposed by the site, such as allowed special characters. Some accounts may require you to provide answers to security questions to reset a forgotten password. Unfortunately, most sites ask the exact same questions and may not adequately protect the answers. If the account requires you to answer security questions, use the password manager to generate your responses, as well. Remember to include the security question in the password entry (for example “First pet’s name: 3TFhJzbNdnYN1SMXW7q4”).
Another step you can take to protect your critical systems is to enable multi-factor authentication (also known as MFA or two-factor authentication). MFA is available on many sites and protects you by requiring both your password and a code to access your account. The access code is typically texted to you or provided by an app on your phone, such as Google Authenticator, and changes with each use. Without access to both your phone and your password, an attacker is prevented from gaining access to your account.
In short, it’s very important to remember that your accounts are only as strong as the passwords you created for them. A trusted password manager is a great way to organize, secure, and diversify your passwords. Lastly, in cases where even stronger security is required for your systems, enabling multi-factor authentication may just be your saving grace.
LawPay is proud to be trusted by more than 40,000 law firms, recommended by 46 state bars, and the only payment solution offered through the ABA Advantage program. LawPay was developed specifically to separate earned and unearned payments, giving attorneys peace of mind that their credit card transactions are always handled correctly. To learn more, call (866) 376-0950 or visit our website.
This content is advertising.
