Legal professionals are exposed to a large amount of confidential client and company information on a day-to-day basis, necessitating the use of strong passwords as a security measure.
It can be hard to remember all those passwords, so some consider using a password manager to keep track.
A password manager is a software application that stores and manages the passwords you’ve chosen for various online accounts. Whether we realize it or not, many of us are already using password managers. If you use Firefox, Internet Explorer, or any browser that asks you if you want to save your password and you say yes, you are using a password manager.
While web browsers allow you to save your passwords without much thought, they are not as secure as integrated programs like 1Password, LastPass, and Dashlane.
Why use a password manager?
When you use dozens of sites that require you to save usernames and passwords for each one, the prospect of remembering each one is impossible. And writing them down and saving in a secure location can seem overly burdensome.
Easier-to-remember (read: weaker) passwords aren’t the answer, as you risk granting access to your entire firm’s data by repeating passwords or using easy to crack versions.
Because password management is more than just remembering your log in credentials. It involves understanding that the best way to protect your firm’s information is through the creation and protection of unique passwords for each site.
Here are some pros and cons of password managers and how to set up one for your firm:
Pros of password managers
A password manager is a quick and easy way to protect your client files, keep your log in credentials secure, and ensure that confidential information is not being compromised. Here are some of the features these systems provide:
- Multiple device functionality. Password managers allow you to download an application on your computer as well as your smartphone, complete with a plugin for Internet browsers. This functionality allows you to easily log in to a website with any remembered device.
- Ease of use. When you go to create a new account online, a password manager will recognize that you are creating an account and prompt you to use the platform to create a random, complex string of characters – a strong, secure, and un-guessable password for each account.
- Enhanced security. Password managers use several different layers of authentication, and you can set them so they will log in with a password, fingerprint, or facial recognition.
Downsides to password managers
Although password managers seem to solve a law firm’s password management dilemma, there are some cons to using them:
- Still subject to hacks. Not even password managers are infallible. In the last several years, both 1Password and LastPass fell victim to global hacks, but thanks to encryption and prompt fixes, user passwords were not released around the Internet.
- Can be cumbersome. You’ll need to remember to install password managers on every new device before you’ll be able to log into any of your accounts. This can be awkward if you are using a public computer, but it goes without saying that legal professionals shouldn’t be accessing firm accounts on public devices anyway.
- Not always free. While most password managers have free versions, some charge a few dollars a month for a premium account. Most legal professionals who use password managers consider this a small price to pay for the peace of mind that comes with using one.
Setting up a password manager
Here are some tips for setting up a password manager at your firm:
- Choose one unique, random, and memorable master password for every password-protected program across all your devices.
- Use enterprise versions of password managers that allow for a standardized approach to password management, even when passwords for personal accounts are being stored.
- Create passwords that contain three of the following: English uppercase characters, English lowercase characters, base 10 digits, and non-alphabetic characters.
- Activate two-factor authentication that requires the use of a second factor, such as a phone call, text message, or a random code generated by a smartphone app, in addition to a password to gain access to an account.
It should be noted that password managers can’t protect your password if the website itself is hacked, but they offer tools to alert you to potentially compromised passwords and make sure you don’t reuse them.
And when you consider the lists of companies that have suffered data breaches in the past few years, any tools to strengthen security on the user side are valuable. Particularly when it’s been estimated that the biggest cybersecurity risks are employee negligence.
Has your law firm successfully implemented a password manager? Or deliberately chosen not to use one? Tell us about your experiences in the comments!