Why are passwords so hard for lawyers?

That’s the question Tom Mighell poses in his latest blog post.

I haven’t given as many presentations as Tom about the need for good password practices, but I have seen the same reaction from many lawyers: “Here we go again. This is silly, no one is going to hack me. I don’t have anything worth hacking.” After the presentation, the lawyers go back to their offices and don’t change a single thing they are doing.

Such a cavalier attitude—”I’ve got nothing worth hacking” can lead to big headaches. Here’s a summary of what happened to just one unfortunate guy who did use good password practices.

This summer, hackers destroyed my entire digital life in the span of an hour. My Apple, Twitter, and Gmail passwords were all robust—seven, 10, and 19 characters, respectively, all alphanumeric, some with symbols thrown in as well—but the three accounts were linked, so once the hackers had conned their way into one, they had them all…. [T]hey used my Apple account to wipe every one of my devices, my iPhone and iPad and MacBook, deleting all my messages and documents and every picture I’d ever taken of my 18-month-old daughter.

If this is what can happen to someone using good passwords, what do you think can happen to you when you use crappy passwords?

If the threat of losing irreplaceable photos of your family isn’t enough to frighten you into good password practices, then how about a potential malpractice suit? I haven’t researched it, but I bet it isn’t too hard for a judge or jury to conclude that a lawyer is negligent for using an easily hackable password that leads to disclosures harmful to a client’s financial interests.

I don’t know about you, but I would not want to be the defendant in a test case like that.

Yes, good password practices can be a pain. So is locking your doors and setting an alarm. But you do it because you want to protect the things behind those doors. Passwords are your keys and alarm systems. If you use crummy ones, you’ll regret it. There are plenty of tools available (like this one or this one) to help you create and manage secure passwords. If you aren’t using one of them, you’re begging for trouble.

If you think it’s still too much trouble, good luck using that excuse with your malpractice carrier or your bar’s disciplinary authority.


2 thoughts on “Why are passwords so hard for lawyers?

  1. Mat Honan’s woes (that you describe above) probably could have been avoided if he had just enabled two-factor authentication on his Google accounts. Yes, it does add an extra layer of complexity, but in his case it would probably have stopped most of the damage from being done.

    1. Tom, thanks for your comment. I agree, Mat could have avoided a lot of problems with two-factor authentication. I use it, and it’s really only an annoyance if I’m logging in from a “new” computer (which could include a different browser). Still, if I’m trying to protect my data, I’m willing to put up with the slight inconvenience. This really is a situation where an ounce of prevention is worth a pound of cure.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s