That’s the question Tom Mighell poses in his latest blog post.
I haven’t given as many presentations as Tom about the need for good password practices, but I have seen the same reaction from many lawyers: “Here we go again. This is silly, no one is going to hack me. I don’t have anything worth hacking.” After the presentation, the lawyers go back to their offices and don’t change a single thing they are doing.
Such a cavalier attitude—”I’ve got nothing worth hacking” can lead to big headaches. Here’s a summary of what happened to just one unfortunate guy who did use good password practices.
This summer, hackers destroyed my entire digital life in the span of an hour. My Apple, Twitter, and Gmail passwords were all robust—seven, 10, and 19 characters, respectively, all alphanumeric, some with symbols thrown in as well—but the three accounts were linked, so once the hackers had conned their way into one, they had them all…. [T]hey used my Apple account to wipe every one of my devices, my iPhone and iPad and MacBook, deleting all my messages and documents and every picture I’d ever taken of my 18-month-old daughter.
If this is what can happen to someone using good passwords, what do you think can happen to you when you use crappy passwords?
If the threat of losing irreplaceable photos of your family isn’t enough to frighten you into good password practices, then how about a potential malpractice suit? I haven’t researched it, but I bet it isn’t too hard for a judge or jury to conclude that a lawyer is negligent for using an easily hackable password that leads to disclosures harmful to a client’s financial interests.
I don’t know about you, but I would not want to be the defendant in a test case like that.
Yes, good password practices can be a pain. So is locking your doors and setting an alarm. But you do it because you want to protect the things behind those doors. Passwords are your keys and alarm systems. If you use crummy ones, you’ll regret it. There are plenty of tools available (like this one or this one) to help you create and manage secure passwords. If you aren’t using one of them, you’re begging for trouble.
If you think it’s still too much trouble, good luck using that excuse with your malpractice carrier or your bar’s disciplinary authority.