Whether you’re a paralegal, attorney, or court reporter, you’re probably responsible for troves of data that can be dangerous in the wrong hands: personal email and banking, court documents, transcripts, and highly sensitive information gleaned from depositions. In addition to the data we need to protect, we all have online personas connecting us to colleagues and clients (email, Instagram, Facebook, LinkedIn) that are thinly protected by a single password. Imagine the damage that could be done if a hacker gained complete access to your email and your contacts.
Once your email account is breached, what else could they get into?
Do you reuse your passwords across social media accounts? Banking? Online shopping? Your Discovery Litigation Services Account? Can a hacker use your email to breach other accounts through a simple password reset request?
Every year security firms and services such as keepersecurity.com release their lists of the most commonly used passwords. At first blush you might be thinking, “doesn’t this just help the hackers?” Rest assured, the hackers know this already. The lists are compiled from past data breaches: they are the passwords that failed to secure people’s and organizations’ private data, and attackers already have them. You’d be
Over the past few years security breaches have only increased in frequency, from the Jennifer Lawrence iCloud breach to Sony, the Department of Homeland Security, Equifax, and John Podesta, just to name a few. The movies would have you think that a hacker breaks into your law firm and guesses your password through a clever mix of snooping through your day planner, the law degree on the wall, and the family photos from your last vacation standing on your desk. This is not how it works. Hackers feed automated tools large databases of commonly used passwords, the default passwords for various hardware, dictionaries of overused words and a good old standard dictionary, and when those run out they fall back on plain brute force: 001, 002, 003, and so on. The tool does the guessing, millions of times per second, and it never gets bored.
Nearly 17% of users are safeguarding their accounts with “123456” according to keepersecurity.com.
Since 2017 isn’t over yet, below is the list of the 25 most commonly used passwords from last year. Digging through the lists from the past five years you can see a definite commonality. Minor changes aside, the lists might as well be duplicates. If you can find your password on this list, it’s time to change your habits.
Top 25 Most Common Passwords of 2016
Here’s What’s Even Scarier...
This is just a list of 25 passwords. It is a fraction of the size of the lists readily available to people trying to gain access to your sensitive court documents. Just do a quick Google search for “password list 2017” and the first result is a GitHub file containing literally millions of passwords accumulated over the last few years from various breached programs and services.
These lists can be loaded straight into free password-cracking tools, which then try every entry against your account, or against a stolen database of passwords, far faster than any human could type them.
You could spend your days sifting through these lists to make sure your passwords aren’t there, or you can just create strong and varied passwords to begin with.
How To Create Hard To Crack Passwords
To start, remove the word “password” from your mind and rethink what is required. One of the more common suggestions for forming strong passwords is to avoid words that appear in dictionaries. The problem with this bit of advice is that it leads people to take a dictionary word anyway and swap in numbers for letters with odd capitalizations: NuM83r5. That is extremely difficult for a human to remember, but quite simple and predictable for a computer. Cracking tools apply exactly these substitutions (a for @ or 4, e for 3, s for 5 or $) to every word in their dictionary automatically, so the “clever” version is only a few hundred extra guesses away from the plain word.
It also leads to users dragging a finger across the keyboard a few times (qwertyuiop123456) to get a quick dopamine hit when that “Strong Password” indicator lights up. A quick glance at the above list will show you just how easy it is to guess this password; keyboard walks are in the breach lists right alongside “123456”.
Think Passphrase not Password.
The word “password” misleads us into thinking that we need to come up with that one golden-ticket word that will lock down all of our accounts. In actuality, what you want is a nice long passphrase, sentence, or random assortment of words that you can easily remember but that is much more difficult for a computer to guess, simply because there are vastly more combinations of several words than of one mangled word.
This comic strip from xkcd draws focus to this fact really well and is corroborated in this Wall Street Journal article. Literally typing “My uniquely secret & 51-characters long passphrase.” puts you on a better path to password security than anything on the aforementioned list or a hard-to-remember word with awkward capitalizations and numbers. Ideally, the more random the assortment of words, the better: a famous quote, song lyric or Bible verse is not random, and cracking dictionaries contain those too. Pick words that have no business being next to each other.
Set Different Passwords For Everything - The Easy Way
Whether your passwords are a collection of nonsensical phrases or weird advice your mom gave you when you were a kid, the common consensus is to have unique and varied passwords from service to service. That is, every login you create should be different from the next, so that one breached site (or one successful password reset against your email) doesn’t hand over everything else. Yes, this is tough, and it leads to laziness and frustration, which encourages mashing your hands down on the keyboard into some predictable letter arrangement: asdfASDF!.
Never fear, technology has you covered. If you only want to remember one password, the safest way to do so is through the intelligent use of a password management tool. There are both internet-enabled/cloud-based tools and tools that store your passwords offline on your own device.
Whichever kind of password manager you choose, you will only have to memorize ONE strong passphrase ever again. How is this? You let the software auto-generate very long, random passwords for all of your other accounts and store them for you, locked behind that one passphrase.
It would take 4.825650839752918 years to brute-force crack a randomly-generated 51 character password with letters, numbers, and symbols. - KeeperSecurity.com
When you reach a form to create a new password, use the password manager to auto-generate it. You’ll never need to know this password, so don’t fret about that. The next time you need to log in, your password manager will do the heavy lifting. You just need to remember the passphrase you created for the tool itself, and that passphrase must be one you use nowhere else.
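To put numbers on the two points above (why NuM83r5 is weak and a random passphrase is strong, and what a password manager’s generator actually does), here is an added example that is not part of the original article or of any product it mentions. The common-password list and the word list in it are constructed stand-ins for the real lists discussed above; the 100,000-word cracking dictionary and the 10 billion guesses per second used for the time estimate are assumed figures for an offline attack, not measurements.

```python
"""Added example, not from the original article.

Shows that a leet-speak word like NuM83r5 is just one of a few hundred variants
a cracker's rule set produces from a single dictionary word, while random
passphrases and manager-generated strings sit in a vastly larger search space.
"""
import itertools
import math
import secrets
import string

# Constructed stand-in for a leaked top-passwords list (real ones run to millions).
COMMON_PASSWORDS = {"123456", "password", "qwertyuiop123456", "asdfASDF!", "football"}

# Constructed stand-in for a passphrase word list (Diceware-style lists have 7776 words).
WORDLIST = ["anchor", "basil", "copper", "delta", "ember", "fossil",
            "granite", "harbor", "ivory", "juniper", "kettle", "lantern"]

# Alphabet a password manager draws from: 94 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Substitutions a rule-based cracker applies automatically to every dictionary
# word. Human "cleverness" (NuM83r5) is produced by rules like these, not beaten by them.
LEET = {"a": "a@4A", "b": "b8B", "e": "e3E", "i": "i1!I", "m": "mM", "n": "nN",
        "o": "o0O", "r": "rR", "s": "s$5S", "t": "t7T", "u": "uU"}


def is_common(password: str) -> bool:
    """True if the password appears verbatim on the breached-password list."""
    return password in COMMON_PASSWORDS


def leet_variants(word: str):
    """Yield every variant of `word` reachable through the LEET table (plus case flips)."""
    choices = []
    for ch in word:
        alts = LEET.get(ch.lower()) or "".join(sorted({ch.lower(), ch.upper()}))
        choices.append(alts)
    for combo in itertools.product(*choices):
        yield "".join(combo)


def bits_for_mangled_word(dictionary_size: int, variants_per_word: int) -> float:
    """Search space, in bits, for 'any dictionary word + mangling rules'."""
    return math.log2(dictionary_size * variants_per_word)


def bits_for_passphrase(word_count: int, wordlist_size: int) -> float:
    """Search space for word_count words chosen uniformly at random from a list."""
    return word_count * math.log2(wordlist_size)


def bits_for_random_password(length: int, alphabet_size: int) -> float:
    """Search space for a uniformly random string over an alphabet."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try the whole space at a given guessing rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def generate_password(length: int = 20, alphabet: str = ALPHABET) -> str:
    """What a manager does for each site: a uniformly random string from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(word_count: int = 4, wordlist=WORDLIST) -> str:
    """The one passphrase you memorise: random words, not a quote or a sentence you'd say."""
    return " ".join(secrets.choice(wordlist) for _ in range(word_count))


if __name__ == "__main__":
    variants = set(leet_variants("numbers"))
    print("NuM83r5 reachable from 'numbers':", "NuM83r5" in variants, f"({len(variants)} variants)")
    # Assumed attacker model: 100,000-word dictionary, 10 billion guesses/second offline.
    rate = 1e10
    for label, bits in [
        ("dictionary word + leet rules", bits_for_mangled_word(100_000, len(variants))),
        ("4 random words from 7776", bits_for_passphrase(4, 7776)),
        ("20 random printable chars", bits_for_random_password(20, 94)),
    ]:
        print(f"{label:32s} {bits:6.1f} bits  {years_to_exhaust(bits, rate):.3g} years")
    print("manager-style password:", generate_password())
    print("memorable master passphrase:", generate_passphrase())
```

Run it and the order of magnitude is the whole lesson: the mangled dictionary word sits in a space of under 30 bits and falls in a fraction of a second at the assumed rate, four random words from a real 7776-word list give about 52 bits, and a 20-character manager-generated string gives over 130 bits. The generator uses the `secrets` module rather than `random` because the latter is not a cryptographic source and its output can be predicted.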
Crafting hard-to-crack, unique, and varied passwords across all of your logins doesn’t have to be difficult. There is free software and there are best practices you can adopt to add a strong foundation of security to your accounts. Whatever the small level of inconvenience, isn’t it worth it to safeguard what’s important to you? With a little consistency, these steps become second nature. At the very least, keeping your passwords off these commonly used password lists is a step in the right direction.