Since their inception, passwords have been met with strong resistance from lawyers. Reluctantly adopting them under pressure from their employers or insurance companies, lawyers often resorted to using simple and easily guessable passwords such as “123456” or the names of their pets, children, or favorite sports teams.
In their pursuit of convenience, they set themselves up for failure by reusing passwords, sharing them with colleagues, and leaving them in easily accessible places like Post-It stickers on monitors and keyboards. The consequences of data leaks and compromised credentials further underscore the urgent need to move away from passwords.
The Rise of Artificial Intelligence in Password Cracking:
With the advent of artificial intelligence (AI), passwords can now be cracked in less than a minute. Even complex seven-letter passwords, incorporating numbers, uppercase and lowercase letters, and symbols, can be deciphered in under six minutes. To mitigate this vulnerability, law firms must adopt passwords that are at least 15 characters long, combining uppercase and lowercase letters, numbers, and symbols. However, the increasing prevalence of mandatory two-factor authentication has only intensified security fatigue among lawyers.
The Passwordless Future:
While passwords won’t disappear overnight, the legal community needs to embrace the imminent shift towards passwordless authentication. In May 2023, Google made waves by allowing users to sign in to their websites without passwords. Leading technology companies like Apple, Microsoft, and Google are actively working on replacing passwords with passkeys, often utilizing biometric data such as fingerprints or facial recognition. Google has already extended support for passwords on Android phones and Chrome browsers, with Google websites following suit. Users have the freedom to test these new access methods while retaining the option to use traditional passwords.
Law Firms Embrace Passwordless Authentication:
Law firms, having grown comfortable with cryptographic standards behind passwords, are eager to combat data breaches and phishing attempts targeting their staff. Some password managers, such as Dashlane, offer the ability to store and use access keys instead of passwords. This development is met with enthusiasm by law firms as it simplifies the authentication process. Access keys are generated locally on devices and remain there during the authentication process, ensuring added security. Additionally, password recovery can be securely managed through cloud-based storage, safeguarding sensitive information.
Conclusion:
Passwords have long been a source of frustration and vulnerability for lawyers. However, the advent of passwordless authentication, powered by biometric data and access keys, presents an opportunity for increased security and convenience. As more systems embrace this innovative approach, passwords will gradually fade into obsolescence. Law firms stand to benefit from the improved cybersecurity and streamlined access provided by passwordless authentication methods. With the passwordless future on the horizon, lawyers and their firms can look forward to a more secure digital landscape.
Author Information:
Sharon D. Nelson ([email protected]) is a practicing lawyer and the president of Sensei Enterprises, Inc. She has held leadership positions in various legal organizations and has co-authored 18 books published by the ABA.
John W. Simek ([email protected]) is the Vice President of Sensei Enterprises, Inc. He is a Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH), specializing in digital forensics.
Michael K. Maschke ([email protected]) is the CEO and Director of Cybersecurity and Digital Forensics at Sensei Enterprises, Inc. He is a Certified AccessData Examiner and a certified information systems security specialist.
(Note: The information about the best traffic accident lawyer and pending cases seems unrelated to the topic and has been omitted.)