How to Craft Secure Passwords: Advice from a Cybersecurity Expert
Phishing, malware and ransomware attacks on legal professionals are on the rise. Strong passwords are essential for attorneys working with sensitive, private client information. Crafting strong passwords isn’t as hard as it may seem. We spoke with Paul Telesco, our VP of Technical Services, about how lawyers can create passwords that will keep their data secure. Here’s what he recommends.
In your experience working with law firms to provide cybersecurity solutions, how would you gauge most lawyers’ savviness when it comes to creating safe passwords?
Most lawyers are vigilant and understand the role that good passwords play in the overall security and protection of data. However, many are focused on keeping data easily accessible, especially when the firm doesn’t have password policies or special password technology in place. This is when simple, short and easily hacked passwords are created, putting data at risk. Efficiency is important, but a security breach caused by a weak password is not worth the headache or significant cost it will entail.
What makes for a ‘bad,’ unsafe password?
If a password lacks complexity, change it. Avoid using easily researched information such as birthdays, graduation years and children’s names.
What makes for a safe password?
Safe passwords are only used for one set of credentials and cannot be easily guessed. Length is of the utmost importance. I recommend using at least 16 characters.
I also highly recommend creating a passphrase. Passphrases are like passwords but longer and more secure, using a phrase with spaces. Although passphrases are hard for criminals to hack, many people find them easier to remember. The phrase can be anything from song lyrics to a random statement such as “I Love My Pasta Al Dente,” if you happen to be an Al Dente pasta lover. That unique phrase alone would take a botnet about 60 septillion years to crack. Remember, the passphrase doesn’t have to be a proper sentence or grammatically correct.
What advice do you give your clients when creating complex but easy-to-remember passwords?
I always recommend using a password management tool. With password management tools, you only need to remember one password or passphrase to gain access to all other passwords. Then you can assign unique, long and complex passwords for all other login credentials and the password manager will remember and automatically input the passwords when needed.
While there are many great password management tools and programs to choose from, I recommend one that has a mobile app and includes multi-factor authentication.
What other tips do you typically give regarding password protection?
Beware of phishing e-mails that attempt to trick you into giving away your password. Cyber criminals often send convincing e-mails asking for the recipient’s login credentials. Always check the sender’s name and e-mail address closely for anything that looks suspicious. Never log in to an account through an e-mail. Only log in to an account from its official site.
What password trends do you foresee for the future?
We are headed towards the elimination of the traditional password. Some of the biggest tech influencers, like Google and Microsoft, have options for authentication without traditional passwords. These new types of multi-factor authentication will include factors such as a possession factor (hardware that you own, like a mobile device) and an inherent, or biometric, factor (scanning your fingerprint or face).
Paul Telesco is the VP of Technical Services for Frontline Managed Services. He is passionate about transforming old and broken technology systems into powerful and productive technology environments. Paul holds multiple industry certifications including: Project Management Professional (PMP), Information Technology Infrastructure Library (ITIL) Foundation, Cisco Certified Network Associate (CCNA) Routing and Switching, Cisco Certified Network Associate (CCNA) Security, and Certified SonicWALL System Administrator (CSSA).