Relevant. Affordable. Actionable.
I have given a number of presentations on the general topic of cybersecurity that always include a discussion of password best practices. You know the spiel. Passwords are to be long and difficult to guess, different for every account or device, never reused, etc. Obviously, this can be a challenge. In fact, I’ll share, between my wife and I, we have over 250 different passwords we need to keep track of in our personal and professional lives. This is when the hands start to go up and it’s the same question every time. “How in the world do you keep track of all those passwords?” While there are several ways to do it, my answer always includes encouraging the use of a password manager. Of course, the next question is either, “What the heck is that?” or “Are those things safe to use?”
At the most basic level, password managers are software applications that allow you to conveniently store and manage all of your passwords. The data is encrypted and can only be accessed after you have entered a master password. Yes, you still need to remember a long difficult to guess master password; but having to remember just one is far easier than 250. Just don’t write it on a sticky note and place that on the side of your computer screen. You really must commit it to memory or store it in some other secure manner.
For me, the more interesting question is always the one about whether or not password managers safe to use because, in my experience, this is the concern that becomes the excuse to not make a change. At the outset, I would hope the use of a password manager would be viewed as far more secure than simply writing things down on a piece of paper or on sticky notes that are left lying around. Further, given the robust encryption in use, these applications are also going to be more secure than keeping a list of passwords in an Excel or Word file. But here’s the real value as I see it. The use of a password manager is going to be far more secure than picking weak passwords, not changing passwords and re-using old passwords, which is what so many do by default. Password managers are simply about making it easy to follow through with password best practices, which can go a long way in preventing a cybercrime.
Since 1998, Mark Bassingthwaighte, Esq. has been a Risk Manager with ALPS, an attorney’s professional liability insurance carrier. In his tenure with the company, Mr. Bassingthwaighte has conducted over 1200 law firm risk management assessment visits, presented over 600 continuing legal education seminars throughout the United States, and written extensively on risk management, ethics, and technology. Mr. Bassingthwaighte is a member of the State Bar of Montana as well as the American Bar Association where he currently sits on the ABA Center for Professional Responsibility’s Conference Planning Committee. He received his J.D. from Drake University Law School.
4 min read
Mark Bassingthwaighte, Risk Manager : Jul 2, 2019 12:00:00 AM
Sometimes married couples see things differently and the only way to resolve the tension is by finally deciding to agree to disagree. That’s how...
Sharon D. Nelson Esq., Sensei Enterprises : Jun 20, 2023 12:39:34 PM
Lawyers Hate Passwords Lawyers have hated passwords since passwords first made their appearance. They resisted having them until their employer (or...
4 min read
Mark Bassingthwaighte, Risk Manager : Aug 18, 2017 12:00:00 AM
(Updated May 19, 2023) The days when an attorney could send an unencrypted email without worry, remain blissfully ignorant about encrypting a...
