In today’s electronic world, a username/ID and password combination is the most common means of identification and authentication of users who are authorized to access e-mail systems, subscriptions, services and accounts and other access points or resources in almost every law office.

Most firms leave it up to their staff members to implement their own best password policies and practices. Most users have passwords that are easy to remember; they use them for every account, or worse, jot them down on post-its and place them around their workstations.

Password-cracking software has greatly improved as technology has improved. By automatically trying all possible combinations of keyboard characters, “crackers” can now locate passwords in hours where it used to take weeks. With online access today to almost every business and personal resource imaginable, it is easy to accumulate hundreds of subscriptions and accounts, each requiring authentication and identification, typically through the use of a combination user IDs and passwords. Keeping track of the various log-ins required to gain access to these accounts can be a nightmare.

What to do? There are several guidelines for creating strong passwords based on The U.S. Department of Defense Password Management Guideline, (http://www.itl.nist.gov/fipspubs/app-e.htm):

1. Use a unique password for every account. It is tempting to use the same password for all accounts, however, it is not a good practice because it creates a single point of failure that puts all your accounts at risk.

2. Don’t write down your passwords. Passwords are typically eight characters in length, the longer the better, up to sixteen characters.

3. Passwords should be replaced periodically, typically every 90 - 180 days.

4. Passwords should contain a mix of characters from all four dimensions, uppercase, lowercase, numbers and special characters.

While you may be scratching your head and saying “how am I going to do this?,” You will be happy to know there is password management software out there to make life easier for you. One of the best is RoboForm which you can download free for personal use or as a trial version for business and government use and purchase for less than $50.00 (www.roboform.com). RoboForm is an add-on toolbar for Windows that works for Internet Explorer and many other popular web browsers, including Mozilla Firefox and Netscape. RoboForm is protected by a master password that automatically memorizes passwords, logs into Web sites and fills in Web Forms. It also generates random passwords based on custom criteria that you can configure.

You will never again have to memorize passwords or log-ins. Additional features include password encryption, protection against keyloggers (hardware or software programs that log the keystrokes entered on a PC) and phishing (attempts by intruders to fraudulently acquire user names, passwords and credit card details).

There is a free portable version, RoboForm2Go which runs from a USB flash drive, solving the problem of using PCs at other workstations or on public PCs.

Other notable password management programs include:

1. Password Dragon (www.pasworddragon.com)

2. Password Manager (www.largesoftware.com)

3. MyPasswordManager (www.mypasswordmenager.com)

4. Billeo Toolbar (www.billeo.com)

If you have concern for your internet security, check with your firm’s IT administrator to find out if you can install a trial version of one of the above programs.

More News >>