Dolan Media Newswires
Passwords are the underwear of the digital age: You’ve got to change them.
Sidebar offers this gentle advice in the wake of a recent reminder of our online vulnerabilities. Earlier this month, SpiderLabs, a division of the cybersecurity service Trustwave, reported that it had discovered that about 2 million usernames and passwords for online accounts had been stolen between late October and late November. According to the report, the sites targeted included Facebook, Google, Twitter, Yahoo, LinkedIn, a couple of Russian-language social media sites and the payroll processing company ADP.
Investigators could not determine where the attackers were based or where their primary targets lived. What investigators did find out was that the most common password used by those whose log-ins were stolen was “123456.” Fourth most common stolen password? “Password.” Also in the top 10: “admin” and “1.” These are, to use the technical term, weak.
Of course, password vigilance will not save you from a malevolent keylogger, the keystroke-tracking program that enabled the recent thefts.
But it is the top recommendation of a recent American Bar Association panel titled “Am I Competent? The Ethical Use of Evolving Technologies.”
The webinar panelists discussed recent amendments to the ABA Model Rules, including 1.6: “Lawyers should take reasonable precautions to protect client confidences from inadvertent or unauthorized access or disclosure.”
Their most recommended precautionary measure was to make your passwords strong.
We asked Raleigh-based IT security researcher Steve Champeon of the anti-spam company Enemies List for password advice.
His first tip: “Make them hard to guess.”
The flipside is that you’ll stump yourself when you need to remember a seldom-used password.
Try using an algorithm created with words not commonly found together and vary it with a couple of letters from the domain. For example “switchplatefalocomotive” for your Facebook (fa) account. The ABA panel recommended a password of at least 12 characters, with a mix of numbers, letters and special characters.
The panelists also recommended that attorneys consider encryption, though it is not yet the ethical standard, and the use of apps or software that can remotely wipe a device in case it is lost or stolen.
Another tip from Champeon: Don’t use the same password on multiple sites. If your password for one gets stolen, it’s that much easier for a person or a botnet to plug it into other sites you use.
Third tip: Don’t rely on a single antivirus program but run two or three. “Just running one really doesn’t protect you much because they’ve gotten really sophisticated,” Champeon said.