In the face of the most recent security incident involving Facebook’s “view as” feature, you may be wondering whether you need to (again) change your password(s). Once upon a time, this wasn’t quite the ordeal it can now be. Long ago, in a land not so far, far away – OK, so we are ready for a new Star Wars movie – we might have had passwords on a dozen or so websites, apps, etc. But nowadays, we have an ever-increasing number of passwords to remember – some may have dozens, or even hundreds, of log-ins. And yes, we know: never use the same password for every site, and “password123” is an invitation to be hacked.
So, we’ve spent lots of time coming up with new, complex, longer passwords. But how to remember all of them? Particularly when the conventional wisdom has been that passwords should be changed every 60 to 90 days. That is still the protocol in many companies, agencies and government offices. ARGH! People resort to re-using passwords, writing them down, storing them on their phones or flash drives, or creating other reminders that bring their own security problems.
One solution is to use a password manager – one like Keeper Password Manager, Dashlane or LastPass. When you use a password manager you have to remember only one password – the “key” to your password vault. Make it a good one, of course, but at least it’s only one. But if you are not inclined to use that kind of product, there’s still hope.
Recent thinking about password security is that passwords do not need to be changed as often. Sure, lots of the other “make a complicated password” advice applies. In fact, experts have suggested that a longer password is less likely to be hacked than a shorter one. There are still some “musts,” of course. In addition to making your passwords longer than before (closer to 20 characters), don’t have them start with a capital letter or end with a special character, and please don’t use real names, dates of birth, address numbers or other information that can be ascertained through social engineering. A passphrase is better than a word – something only you would remember – and then maybe use only the first letter of each word.
Current advice is that you should change your password only about once a year (and particularly if you aren’t using multifactor authentication), if you believe it has been exposed in a breach or “security incident,” if there is evidence of malware on your computer, or – and should we really have to say this again? – if you are using a password that can be easily socially engineered.
Still have questions about cybersecurity, law office technology, or other aspects of practice management? Call us at Practice 2.0, 602-340-7332, for advice or resources.