The end of the year is a great time to reevaluate computer and file security. One issue that many lawyers overlook is using effective passwords.

If all of your passwords use your name or you are just looking to upgrade, here are some ideas.

Avoid the obvious

A simple word or your birthday written backwards will not do it. If you have a Spiderman action figure on your desk, please do not make Spiderman your computer’s login. If you could ever learn something from Spaceballs, it would be password security.

On one hand, if someone wants to hack into something, they can probably do it. On the other hand, establishing solid passwords should ensure that only skilled attackers can bust in.

Use a password vault

You might log in to your computer every day, which makes it tough to forget your password. Other services, however, might only get used a couple of times a year—thereby making those passwords easy to forget.

One option is KeePass, which will securely store all of your passwords in one place. All you need is one master password to access all of your other passwords—kind of like a bank vault.

If you are super paranoid, you can make security even tighter by using a key file. A key file can be stored on a USB drive, CD, etc. You can set up KeePass to only open the database when the key file is present and you enter the correct password. Pretty sweet.

Generate some g!bber!$h

There are plenty of sites that will help you generate passwords that are seemingly gibberish. The problem with many of these passwords is that they are hard to memorize and easy to forget.

If you are creative, you can easily turn a phrase or word into something more secure but easy to remember (see the above heading). Do whatever works for you—having a unique password is the first step in security.

8 responses to “No Time Like the Present to Update Passwords”

  1. A terrific password strategy is to take the password you already regularly use, know and love (as long as it’s unique and not something glaringly obvious, like “12345”), capitalize a letter within that password, and then add the initials of the site you want to use it for, followed by a symbol, to the beginning of the password. So if you’ve been using, for instance, “rydertruck” as your password, with this strategy the password for could be “l&rydErtruck”. That way, your password changes for most sites, but you can actually remember it.

    • Aaron Street says:

      Jason, I really like this strategy except for those times when it would fail due to sites requiring your password to fit their criteria (i.e., must have a letter and a number, or must be between 6-8 characters, etc.). Speaking of which, I really hate sites that do that.

  2. I manage passwords using Keepass 2.x and Dropbox. If you save your password file on Dropbox, it will be automatically synced across all of your computers. Furthermore, the password file is heavily encrypted so the security concern is mitigated. You can even use Keepass on the Blackberry, which is cool.

    However, this means that you cannot use online banking on public computers. You would have to rely on your laptop. That’s not a huge tradeoff for me because I use my Blackberry to access data on the road, but it might be an issue for others.

  3. Surprised to see Lastpass not being mentioned in the post or in the comments (yet). It does all that Keypass does and even more, since it’s made as a browser extension. It’s also fantastic for filling web forms.

    The only potential caveat is that everything is in the cloud, so you have to hope they are better than Gawker at securing their users’ info.

    • William Chuang says:

      I was going to bring up LastPass, I swear. Haha. LastPass (claims to) implement client-side (local) encryption of the data. That means that LastPass never receives your private data in plain text. The client also salts your data, so that means rainbow tables of precomputed password hashes will not be that useful in cracking any compromised code.

      The net effect is that you do not have to trust LastPass’s hosting, only its implementation of the clients. So long as the client software encrypts properly and honestly, it means that a Gawker-style disclosure will not be disastrous. It also means that if you forget your password, you are screwed, because there is no way to reset the data at all.

  4. Julie Kiernan says:

    I like 1Password on the Mac. It will sync an encrypted copy with Dropbox so you have access to it from any computer or device. You can even store secure notes and wallet information. One thing I read in their fine print this week is that titles and URLs are not encrypted, so especially in notes, don’t put anything you need encrypted. It works to auto save and fill from within browsers too.

