Should Law Firms Use a Password Manager?
You know your passwords should be long, unique, and different from one login to the next. But if you actually follow those cybersecurity guidelines, you’ll have a tough time remembering all your passwords.
Instead of writing down everything somewhere that risks being found by someone else or lost or in a document that can be hacked, more and more law firms are turning to password managers.
What is a password manager?
A password manager is software that stores all your long, unique passwords in an encrypted database. If you need to log in to an account that requires one of those passwords, you do so through the password manager.
Thus, you only have to remember one password. Password managers use two-factor identification—and must already be downloaded to the device you’re trying to log in from—so they offer more security.
While most password managers offer free versions, you may need to pay a few dollars a month to access the version that will best meet your firm’s professional needs.
What should lawyers look for?
A password manager keeps your passwords safe—but only insofar as your access password is also safe and the password manager isn’t successfully hacked.
To the first point, that’s your responsibility. Don’t save your password somewhere on your computer. Instead, have it written down and kept in a safe so that it can be accessed if you really need it.
Second, make sure your password manager is up to snuff. Major password managers are subject to many hacking attempts, which they need to be able to withstand.[1]
Make sure to:
- Avoid password managers that haven’t been around for long enough to have proven their mettle. Even if you’re paying for it, your password manager won’t be a significant enough portion of your budget to make it worth the risks of trying to save by using a new company that hasn’t been widely tested yet. So stick to software that’s been around for long enough—and successful for long enough—to have a dedicated community following.[2]
- Use two-factor authentication.
- Don’t use password managers that offer to recover your password for you, if needed. You are the only one who should know your master password.
Ultimately, a password manager can make your firm’s accounts more secure. The best password manager for your firm will vary according to your individual preferences, but make sure it’s an established company with multiple-factor verification that doesn’t know your master password.
References
1. Hack Brief: Password Manager LastPass Got Breached Hard
2. Password Managers