Using two-factor authentication—where you log in with both something you know (like a password) and something you generally always have with you (like a phone)—is critical and you should be using it everywhere it is offered. When you use two-factor authentication, you log on to an application or a website like you normally do with your regular password, but then you are prompted to enter an additional code, which is typically sent to your phone. (If you’re on the device you always use, it won’t prompt you for the code every time. It only prompts you when you log on to a new device or computer.)
Many apps you already use (Gmail, Facebook, and Dropbox, for example) already offer two-factor authentication. But what about one of your most critical software applications: your practice management software? That program holds your contacts, your calendar, your emails, your documents, and more. Because of that, you need that program to be as secure as possible. Here is a look at which of the leading programs explicitly support two-factor authentication. Other law practice management software programs may support it, but they are not listed here if that couldn’t be determined from Googling and examining the product’s site.
Abacus offers two-factor authentication, but it doesn’t quite work by sending a code to your smartphone. Instead, you are required to use a third-party application, Duo Mobile Push, to receive notifications. That app gives you a message on your smartphone about the login, and you can approve or deny the login request. If you deny it, you also have the option to report the login request to Duo and Abacus as fraudulent.
CaseFleet offers two-factor authentication and expressly recommends it as a best practice for law firm security across the board.
CosmoLex recommends two-factor authentication, which is especially critical in a program like CosmoLex because it also handles your trust accounting. Find out more on CosmoLex’s support page for two-factor authentication.
Clio states that two-factor authentication is highly recommended and has made using it even easier by allowing you to use Google Authenticator to generate your personal code each time you log in on a new device. Google Authenticator (which you install on your phone; it works with both Android and iOS) streamlines the process of getting the code that helps you log in. Rather than waiting for Clio to kick out a text to your phone, Google’s Authenticator app generates codes for you on a continual basis so you can just open the app, grab a code, and be on your way. It’s a small thing, but it saves you a lot of time if you often have to log on to a variety of devices.
FactBox strongly recommends but does not require two-factor authentication.
Lawcus just announced last month that it now supports two-factor authentication. To use it, you will need to use a third-party mobile app to authenticate. Lawcus recommends Google Authenticator, Authy, or Salesforce Authenticator.
PracticePanther implemented two-factor authentication in 2015. It has also indicated it would consider implementing IP restrictions, where the user could choose to allow PracticePanther to accept logins from any IP address (i.e., any device in any location) or “lock down” the IP addresses, which would mean the user could only log in from specific locations.
RocketMatter uses a third-party program, OneLogin, to manage secure logins. OneLogin is robust, allowing you to set two-factor authentication or things like digital certificates, where only browsers with a valid certificate are allowed to sign into the program. It is a useful feature if you need to set login protocols for a number of employees because you can manage it all through OneLogin. OneLogin has a free plan that seems like it would work for most firms, as paid plans only kick in when you want to use several apps with OneLogin.
Zola Suite says that it “employs two-factor authentication for sharing access to new users[.]” It is unclear if that means that two-factor authentication can be used by existing users when they use a new device.
If you are considering purchasing law practice management software, make sure you consider whether two-factor authentication is available. You owe it to yourself and your clients to keep your data safe.