A couple of weeks ago, we received news that the U.S. government had been hacked (again). Search the Web for news of cybersecurity or data breaches, and you could read for days on the issue. It’s no secret that information security should be at the top of every lawyer’s priority list. This article will offer some suggestions on how to protect yourself using a password manager.
What is a password manager?
A password manager is a piece of software that stores your password and login information for various websites. It can also store information about the cards you typically keep in your wallet, such as a driver’s license, credit/debit cards, and the like. The passwords and information are stored in a database and are protected by a “master” password.
The master password encrypts/decrypts (i.e., locks and unlocks) the password/information database when that master password is entered into the software. One such app is called 1Password, presumably because you only need to remember one password to access all of your other passwords.
Why should I use a password manager?
First, you should use a password manager because your normal method is not sufficient. In my practice, I’ve seen small sticky notes stuck on the bottom of a user’s monitor with passwords or other sensitive information on it. I’ve also seen notebooks stuck in the top desk drawer with passwords listed inside. While the passwords on that sticky note and notepad may not be easily accessed by someone on the Internet (unless they’ve hacked the user’s webcam), the passwords are not safe from visitors (welcome or not) to your office.
Second, storing passwords in your Internet browser (likely Internet Explorer) is convenient, but not ideal. It’s pretty easy to access those passwords, unless you lock your computer while away from your desk.
Third, we are human. We don’t like remembering or creating a new password for every service that requires one. So, we use the same password on multiple sites. While this may be an easy system to use, it is a bad idea. If your Facebook password is the same as your online banking password, and Facebook got hacked, you may have allowed the hacker access to your bank account.
How do I use a password manager?
When you first open a password manager, you are prompted to create the master password. This password should be strong and complex since it will be used to access and protect all your other passwords. There are many articles on creating good passwords, but I typically recommend using two to three passwords linked together, containing a combination of upper and lowercase letters/numbers/characters that create a phrase you can remember. Simple, right?
Once you have that strong master password, store it somewhere safe, outside of the password manager. A sticky note is not secure, no matter how long it stays stuck on the monitor.
Now, you start entering your passwords and login information for the various sites you access. This will take some patience and time, but stick with it. The payoff is worth it in the end. Remember to add notes of safe combinations, access codes, pin numbers and the like. These items will all be protected by the password manager.
Now that you have your software set up, take a few minutes to review your passwords. The software can help you determine if you have used the same password over and over. Many password managers can take you directly to the “change your password” page to change and remember the password.
The software can auto-generate new, more complex passwords that you don’t have to remember because the software can remember and store the information automatically.
Most password managers have a “plug in” for your Web browser, giving you access to the username and password with the click of the mouse (or keyboard shortcut). If you visit a new site and need to set up a new username and password, the software can remember the login information for you.
Some password managers monitor websites for hacks and notify you if your password may have been compromised.
Finally, many password managers have apps for your mobile devices as well as for your desktop. Some even allow for fingerprint scanning to open the password manager instead of entering your master password each time.
Many password managers are free, with paid premium features. I use 1Password. It works on my Apple devices and my Window’s office computer. I really like having access to my passwords and personal information wherever I am and knowing that information is secure. Hopefully, you will too.•
Seth Wilson is a partner at Hume Smith Geddes Green & Simmons LLP in Indianapolis. In addition to practicing law, he helps manage technology operations of the firm and frequently speaks and advises on legal technology issues. For more legal technology tips delivered right to your inbox, visit sethrwilson.com to sign up for Seth’s e-newsletter. The opinions expressed are those of the author.