World Password Day 20 Best Practices

Holly Sheriff MSLS • May 07, 2020

 

To celebrate World Password Day on May 7, 2020, we’ve put together best practices for legal professionals. With working from home on the rise, protecting your client’s digital identity is more important than ever.

  1. Do not share your passwords with other people. Except for the case of a shared departmental.
  2. Never use the same password twice.
  3. Use a password locker, such as LastPass, Password Keeper, and Password 1, amongst others.
  4. Do not for any reason disclose any passwords through e-mail or over the telephone. If your password is accidentally disclosed to another person, change it immediately.
  5. Change your passwords frequently.
  6. Do not write down your password. Do not write down your computer password and tape it to your computer monitor, the bottom of your computer keyboard, the bottom of your telephone, or any other place.
  7. Avoid entering passwords on computers you don’t control (like computers at an Internet café or library)—they may have malware that steals your passwords.
  8. Avoid entering passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop)—hackers can intercept your passwords and data over this unsecured connection.
  9. Avoid using charging stations in public places, such as grocery stores, airports, coffee shops, and gas stations. Hackers can “mirror” these devices and steal all the data on your phone.
  10. Write a “tip sheet” that gives you a clue to remember your password but doesn’t contain the password itself. Keep this tip sheet in a fireproof/waterproof safe or lockbox in a location undisclosed to other people.
  11. Check your password strength. When signing up on a new site, if the site offers a password strength analyzer, pay attention to it, and heed its advice.
    Enable 2-Factor Authentication whenever possible.
  12. Be wary of single sign-on. Many websites offer you the ability to use your social media or email account credentials to sign into their website, without having to create a new account. While this can be helpful, there are a few possible risks involved with using it. When you choose to do this, you are also giving Facebook, Google, etc. access to more information about you than they already have and sharing information from your social media account with the new site or service. A final risk to consider is that if your social media or email account gets compromised, it means the other accounts you’ve used those login credentials for are also compromised.
  13. Create a separate email account to use for logging in to online accounts or making purchases. Creating an alternative email account that you can use for purchases can help protect your privacy, and help you avoid all of that spam in your actual email inbox. Many companies these days want you to create a new account, even for one-time interactions. Online shopping companies often encourage you to do this, even though it’s not a necessary part of doing business with them. If it’s not a company you’ll be doing business with regularly, consider skipping the account creation process, if possible.
  14. Avoid using dictionary words. These passwords are easy for hackers to figure out using an electronic dictionary.
  15. Passwords become harder to crack with each character that you add.
  16. Avoid using personal identifying information such as birth dates, social security numbers, kid’s names, spouse’s names, and pet’s names.
  17. Avoid playing social media games that ask personal questions, such as what high school you went to, what’s your favorite subject, what’s your favorite color, etc. These games are usually designed by hackers to obtain answers to common security questions.
  18. Encrypting client documents with passwords is a great way to protect your client’s digital identity. Assign 10 different passwords to each client. You should mail the password to the client once you use it to secure a document.
  19. Avoid giving the password to the client over email or the phone. Some clients will require more than ten passwords. Each document you prepare should require a unique password to view, edit, and print it. You may even want to consider assigning each client a 4-digit caller PIN for quick phone verification. This works well for offices with high employee turnover.
  20. Avoid sharing passwords with other people, even spouses, supervisors, and banks over virtual or video conferences.
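
The following Python example is added here and is not part of the original post; it applies items 2, 14, 15 and 16 to a candidate password. The word list, function names and sample values are constructed for illustration.

```python
import math
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "dragon", "summer", "lawyer", "welcome"}
# Undo common character swaps (0->o, @->a, ...) that cracking dictionaries already try.
SWAPS = str.maketrans("0134578@$!", "oleastbasi")


def normalize(text):
    """Lowercase and reverse common swaps so 'P@ssw0rd' is seen as 'password'."""
    return text.lower().translate(SWAPS)


def search_space_bits(password):
    """Item 15: brute-force search space in bits, from length and character classes used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(chars) for chars in classes if any(c in chars for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def review_password(candidate, personal_facts=(), previous_passwords=(),
                    words=SAMPLE_WORDS):
    """Return a list of findings; an empty list means none of the checks fired."""
    findings = []
    norm = normalize(candidate)
    if candidate in previous_passwords:                      # item 2
        findings.append("reused password")
    hits = sorted(w for w in words if w in norm)             # item 14
    if hits:
        findings.append("dictionary word: " + ", ".join(hits))
    facts = sorted(f for f in personal_facts                 # item 16
                   if len(f) >= 3 and normalize(f) in norm)
    if facts:
        findings.append("personal information: " + ", ".join(facts))
    return findings


if __name__ == "__main__":
    # Constructed inputs: a birth year and a pet's name as the personal facts.
    for pw in ("P@ssw0rd1985", "vT9#qLm2&Zx!kR"):
        print(pw, review_password(pw, personal_facts=["1985", "Rex"]),
              round(search_space_bits(pw), 1), "bits")
```

Swapping letters for look-alike symbols does not hide a dictionary word or a birth year, which is why both checks run on the normalized form.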

Conclusion – Password Protection is vital

Password protection is vital to preserving and protecting your client’s digital identity. It’s the first line of defense and the first weakness. Help your clients by training your staff to use these 20 best practices. Remember to use these tips whenever you create a password to keep your client’s information safe and secure.

Need more support? Contact us anytime, we are glad to help! Talk soon!
