The subject of passwords is one that is both fascinating and frustrating to me. We know that it’s getting easier and easier for hackers to crack our passwords; just three years ago, a nine-digit password would take 44,530 years to crack, but today that same password can be cracked in less than a day, according to Passfault. And yet, when I mention this in speeches that I give, lawyers invariably give a heavy sigh, roll their eyes, and promptly tune out. I know what they’re thinking: “12 digit password? It’s hard enough for me to remember the name of my dog and the numbers 123!” The idea of coming up with a different, really complicated password for every site we visit is just too overwhelming for most people – so they continue to use the same short, repetitive, simple passwords they have used for years.
So we shouldn’t be surprised to find out that the retailers where we set up our passwords are acting as enablers, allowing us to continue this practice of weak password-setting. In a new report out from password manager service Dashlane, the company found some pretty amazing practices among the Top 100 online retailers. Among the findings:
- 55% of the stores still accept notoriously weak passwords like “password” and “123456″ (seems like if the other 45% don’t allow it, this should be a simple problem to fix)
- 51% still allow you to keep trying out password after password even after 10 unsuccessful attempts. What this means is that the “brute force” hacker can keep beating away on the lock, until it finally finds a password that will unlock the door.
- 61% do not provide any guidance when setting a password, and 93% do not provide a password strength assessment. I would guess that those Password Strength meters are able to shame at least some people into setting a stronger password.
Interestingly, most of the sites mask your password as you enter it, which actually does very little to secure it – as a general rule, the password blank on a website is not unsecure, unless someone is looking over your shoulder as you enter it.
Security Expert Steve Gibson of Gibson Research Corporation took the data and put it into this great spreadsheet. Take a look and see how your favorite online retailer fared. Spoiler alert: it doesn’t look too good for Amazon, Walmart, or Dick’s Sporting Goods.
There’s no good solution to this problem yet, but it’s not for lack of trying. Google declared last year that “Passwords are Dead,” and companies are already using fingerprints, pictures, and even winking to avoid password-based access, with mixed results. Google talks about eventually moving to hardware token-based authentication, but we’re not there yet. Two-factor authentication is also a good way to secure access to websites – but try telling that to a lawyer who already has to remember a complex password. “Now you want me to use a 6-digit number on top of a password?”
So what do lawyers do now? I’ll come back to the best, easiest way to create and manage secure, complex passwords: the password manager. There are several password managers out there, including:
I’m not going to spend time comparing these tools with one another – although I’m partial to LastPass and 1Password, all of them will do a good job helping you to select and manage passwords. Just pick one and start using it.
In the next post, I’ll show how I use LastPass, so you can see how the workflow is easy and fast once you get the hang of it. In the meantime, let me know what you think – is this an issue that’s being blown out of proportion? If you don’t use a password manager, why not? Share your thoughts in the comments.
The latest episode of The Kennedy-Mighell Report is called Automation or Control: Why Attorneys Must Choose (I didn’t choose the title) – in it, we discuss the fact that technology services are increasingly connecting to each other, automating things that we used to have to do ourselves. For example, my Fitbit now talks to my scale, my fitness app, and the app I use to track the food I eat. It’s a great convenience that all of these services talk to each other – I don’t have to worry about entering information into each service. It just all works. Is that a good or a bad thing? For me, anyway, in most cases it’s a good thing; technology should be about making your life easier, not harder – and if you can find ways to automate the things you do now, then why not give it a try?
That is, however, until the technology decides it knows what you want better than you know what you want. An example of that happened to me this morning. I routinely use both Spotify and Songza to listen to music, when I’m working out or just plain working. Being apps in this age of social media, both services allow me to tweet or post to Facebook the songs that I’m listening to at any given moment. My sharing philosophy is not that granular; most people don’t really care about my taste in music – besides, why give people an extra reason to make fun of me? When I installed both of these apps, I specifically instructed them that I did not want them to post my music-listening habits to Facebook. That worked well, for awhile. Then I changed computers and reinstalled Spotify on the new computer. The default setting in Spotify is to “share everything,” so my Facebook friends were instantly treated to hours worth of my music listening. When an aggravated friend pointed out that “I love you, but I really don’t care about what music you listen to,” I finally became aware of the problem and (mortified) immediately corrected it by changing my settings in the Spotify desktop app. Problem solved…..right?
Not so fast. Spotify updated itself on the iPhone just this morning. Either the settings for the iPhone app are separate from the desktop app, or it just decided to ignore my earlier instructions. Anyway, Facebook friends were once again subjected to a steady stream of workout hits and country music. The net result is that I have disabled both Spotify and Songza within Facebook, so neither of those services can post to my Facebook page ever again.
I could have done this from the beginning – after all, I am under no obligation to connect any app I use to a particular social media service. But I always like to have the option of sharing something, whether it’s a song, my location, or a book I’m reading. But we are now in an age where “Share Everything” is the default setting – which can be very hard to monitor if you’re not the “share everything” kind of person. Tools could help us with this – they could remember our preferences on an account level, so that those settings could be applied no matter whether we change computers or get an updated version of the app. But not many apps do this – which puts the burden on us to keep track of all the relevant settings. I now understand why so many people choose not to share with most social services – it’s just too big a hassle to keep up with it.
I would seriously consider investing in a company that came up with the “social media dashboard” concept – one place where we could store all of our preferences on what/how we want to share information on the Internet. Each app we use would be required to connect to that dashboard to gather our preferences, then communicate them to whatever social media site we want to use. I doubt this kind of standardization is coming along anytime soon – but it’s nice to dream about it.
What are your thoughts? Is automation getting out of hand?
We’ll end the week with a fun blog – Blawgletter is published by Dallas lawyer Barry Barnett, and it features “legal bits you can hold onto.” He talks about a number of legal topics – recent posts have discussed Peer-to-Peer movie sharing opinions, the Supreme Court’s “first sale” decision, and other recent decisions of interest to lawyers.
I am finding that there are number of areas of law that give rise to a high percentage of law blogs of particularly low quality – and bankruptcy law is one of those areas. It’s so hard to find a bankruptcy law blog with any quality content on it. Today’s blog, from the Law Office of Shawn Wright, tries to give some practical advice to consumers who might be facing bankruptcy – the posts are helpful, and the tone is not really salesy.
The Securities Edge is a securities blog for middle-market companies – it focuses on topics of interest to executives of middle-market businesses. Recent posts have discussed topics that include “say-on-pay” litigation, the new private market for unlisted stocks, separating the positions of CEO and Chairman, and more. It’s published by Gunster, a firm with offices all over Florida.
I have to admit, when I saw the title of today’s blog – Screw You Guys, I’m Going Home – I didn’t immediately know what the topic would be. But the tag line says “What you need to know before you scream ‘I Quit,’ get fired, or decide to sue the bastards,” so today’s blog features some great posts on employment law. It’s published by Donna Ballman, an employee-side employment lawyer and author. Some of her recent posts have covered topics like Lies Your Employer Tells You, You Have the Right to Say No, and whether journalists are exempt from overtime. Good stuff.
Today we venture to the Beehive State and visit the Utah Appellate Blog, which reports on cases before the Utah Supreme Court, Utah Court of Appeals, and the Tenth Circuit. As with most appellate blogs, you’ll mostly find posts here on different cases decided by these courts, so it’s good if you’re looking for some explanation and analysis of recent appellate decisions in Utah. It’s published by a number of lawyers from Zimmerman Jones Booher, LLC, a Salt Lake City firm.
When I talk to lawyers about using the iPad in their practice, I invariably get around to telling them that for some reason, app developers have really concentrated on making apps for litigators more than for any other type of legal practice. And that’s a great thing; having worked for more than 6 years as a trial technologist at my old firm, I saw that it was next to impossible for lawyers to use technology at trial without assistance from a paralegal or technologist, hired or otherwise. Lawyers who didn’t have the resources were stuck with hauling boxes of paper to the courtroom, and watching as better-equipped lawyers across the aisle presented their cases effectively and efficiently using technology.
For those lawyers who want to use technology in the courtroom at hearings or in trial, the iPad has really helped to level the playing field. You can now go into court with nearly your entire case on a slim tablet – depositions, exhibits, legal research, and you can also use the device to take notes and keep track of trial testimony.
I’m thrilled to announce that my latest book, iPad in One Hour for Litigators, is now available for purchase in the ABA Bookstore, and soon in the iBookstore. Like my other “One Hour” books, you can probably read the entire book in an hour; to do everything I mention in the book will take you a lot more than one hour, because I mention a lot of things that lawyers can do to more effectively use the iPad in litigation matters. I approached the book much as I would approach a new case, and explored the different types of apps you can use for each phase:
- A New Case – Managing Details and Deadlines
- Discovery – Documents and Depositions
- Preparing for Trial with the Right Accessories
- Legal Research on your iPad
- Picking a Jury, iPad Style
- Evidence Presentation
- Tips for Using the iPad in Court – advice from lawyers who are using the iPad in the courtroom every day
I tried to mention all of the apps currently on the market that are worth a look – but as is the nature of technology, new apps continue to appear that can help a lawyer at trial. I’ll try to mention new apps I like here on the blog, and keep you up to date on improvements made to apps described in the book.
I hope you enjoy the book!
The ADR Toolbox is a curated collection of news, resources and information for professionals in the alternative dispute resolution industry. It’s brought to you by Donald R. Philbin, a San Antonio, Texas lawyer. Some of the recent posts discussed topics like large law. As a curated blog, Philbin doesn’t create any of the content himself – he’s gathering content from around the web so you can read it all in one place. There are recent stories in the areas of mediation, negotiation, arbitration, and other ADR topics, but he also covers business, psychology, economics, and neuroscience topics as well.
An intellectual property law blog for you today – it’s called Retail Patent Litigation, and it’s designed to help retailers understand patent litigation and how to effectively and creatively drive their individual cases to positive resolution. The blog is published by R. David Donoghue, a partner with Holland & Knight’s Chicago office. He has recently been discussing topics including the SHIELD Act, recent retail patent litigation cases, and others.
Subscribe to Inter Alia by Email
The Latest from Twitter
- This came today. It's a great guide for bloggers, whether you're a lawyer or not. Get it here: http://t.co/HldaMH4q7L http://t.co/zlKSDqyPJh 01:07:43 PM February 27, 2014
- Hey @nammitruck, when do you open at Kyle Warren Park? 11:42:00 AM February 22, 2014
- The latest ep of the Kennedy-Mighell Report is out: Living in Multiple Tech Worlds: Windows, Mac and Android http://t.co/DEyUincVdR 08:09:13 PM February 18, 2014
- Now *that’s* how to kick off a new season. Awesome. #HouseOfCardsSeason2 08:22:31 PM February 14, 2014
- Operation Mincemeat: How a Dead Man and a Bizarre Plan Fooled the Nazis and Assured an Allied Victory