James Horne, Esq | 2021 – 2024 Member, The Florida Bar’s Standing Committee on Technology
In this digital age, no one can go without creating dozens and dozens of passwords for a wide variety of websites, email domains, website domains, computers, and cell phones to name a few. Each of these websites, applications and computers are susceptible to data breaches. Remembering all the passwords for each of these sites and applications can be daunting.
A “strong” password is essential for keeping your accounts and data secure. It is estimated that 2/3 of people use no more than two passwords for all their online accounts. The news is filled constantly with data breach after data breach. This exposes your passwords on the site that was breached and in turn exposes all your other online accounts that use the same password.
What makes a “strong” password or passphrase? The different elements of a password include, upper- and lower-case letters, numbers, and special characters. Data experts recommend having a password that’s at least 13 characters in length. This length password will prevent your password from being cracked by a brute force type attack. With this type of attack, every combination of letters and numbers are tried until the program finds the correct password. These are time consuming and the longer the length of the password, the longer this process takes. A random eight-character password with a modern computer would take 9 years, six months, and 18 days to crack. Scientists are developing a quantum computer that could crack an eight-character password in less than five seconds.
Everyone has seen a long random string of numbers, letters and special characters and thought, there’s no way I can remember this. The harder the password for you to remember makes the password exponentially more secure. There are numerous solutions out there to create and store these passwords consisting of long random strings of letters, numbers, and special characters. Mobile devices have built-in password managers that allow you to randomly generate and store these very secure passwords for each account you have without the need for you to remember them.
There are also several third-party desktop and mobile password manager apps that offer both free and paid versions. Some of the applications store sensitive information like usernames, passwords, and credit card numbers in a heavily encrypted file on the device itself, others allow you to synchronize your information across all devices.
Another technology that can thwart someone gaining access to your online accounts is called multi-factor authentication (MFA). Think of MFA in terms of using an ATM, the first factor is your debit card – something you have that identifies you – the second factor is your PIN – something you know that authenticates the first factor. Microsoft has said that 99.9% of password-based threats can be stopped with multi-factor authentication. MFA often requires you either assign a phone number or email or use an authenticator app where you can retrieve expiring codes to authenticate a password. This process ensures that you need both your password and access to your cell phone to gain access to your accounts. That is hard to pull off if the bad actor is halfway across the world.
As our legal practice management systems migrate to cloud-based systems, our precious client data becomes just like any other online account we have. Failure to create strong passwords and utilize all the cybersecurity features available will put our clients and their private, privileged data at risk.
However, with a few easy steps, anyone can secure the data that every lawyer needs to practice law in this digital age. First, make sure you are using some type of program that creates long, complex passwords and second, always make sure to enable multi-factor authentication for all your online accounts.
ABOUT THE AUTHOR
James “Jay” Horne is a solo practitioner with an office in Lakewood Ranch Florida. He practices in the areas of medical malpractice, personal injury, and family law.
This LegalFuel publication is intended for educational purposes only and does not replace professional judgment. Statements of fact and opinions expressed are those of the author individually and, unless expressly stated to the contrary, are not the opinion of The Florida Bar or its committees. The Florida Bar does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information published. Any feedback should be provided to the author.