Below are tips for avoiding financial chaos in a law office.
SINGLE FACTOR AUTHENTICATION
Single-factor authentication verifies your right to access an account using a single factor. Most sites use the standard username and password for this (that counts as a single factor even though you need to have both). Although not perfect, this approach is a foundation-level security step. You can make it more solid and reliable by selecting a strong password and keeping it secure.
There are many benefits to making a routine change of passwords part of your practice. For one, it limits how long a stolen password is useful to the data thief. If someone stole your password and operated undetected, you would cut off their access by routinely changing your password, mitigating the damage done. Most security guidelines suggest you change your passwords every 30 to 180 days.
However, some studies indicate that routinely changing your passwords will not increase your security. Microsoft conducted one such study in 2009, which revealed that mandatory password changes cost billions in lost productivity and cause endless frustration for employees. There was little security payoff, since users routinely choose variations of the same simple password (e.g., password2016). Security expert Bruce Schneier wrote in one of his blogs that most attackers will not be passive. If they gain access to your financial information, they will most likely transfer your money out of your account right away, so even changing your password every 30 days would not save you. On the private network at your law office, a targeted attacker might be stealthier and hang around to eavesdrop, but more than likely the hacker will ditch the password and install a backdoor access program. A backdoor program will allow the hacker access to your computer whenever it is on the Internet. Regular password changes will not close this backdoor access.
Add to this chaos the fact that hackers have access to machines that can break 348 billion NTLM password hashes per second (NTLM is a password encryption algorithm used in Windows). At 348 billion hashes per second, this hardware can crack any 8-character password in around 5-1/2 hours. This supports the idea that routinely...
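
The arithmetic behind that figure, as an added example that is not part of the original article: it reproduces the 8-character estimate at 348 billion hashes per second and shows how much length a password needs to outlast that hardware. The 95-character printable ASCII set, the lowercase-only set, randomly chosen passwords and a worst-case full search are assumptions made here.

```python
# Added example: worst-case exhaustive-search time at the article's hash rate.
HASHES_PER_SECOND = 348_000_000_000  # NTLM rate quoted in the article
PRINTABLE_ASCII = 95   # assumption: upper, lower, digits, symbols, space
LOWERCASE = 26         # assumption: a-z only
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(charset_size, length):
    """Number of distinct passwords of exactly `length` characters."""
    return charset_size ** length


def seconds_to_exhaust(charset_size, length, rate=HASHES_PER_SECOND):
    """Worst case: every candidate of that length is hashed once."""
    return keyspace(charset_size, length) / rate


def min_length_to_resist(charset_size, years, rate=HASHES_PER_SECOND):
    """Shortest random password whose full search takes at least `years`."""
    guesses_needed = int(rate * years * SECONDS_PER_YEAR)
    length = 1
    while keyspace(charset_size, length) < guesses_needed:
        length += 1
    return length


def human(seconds):
    """Render a duration in the largest sensible unit."""
    units = (("years", SECONDS_PER_YEAR), ("days", 86400),
             ("hours", 3600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    for length in (8, 10, 12, 14):
        t = seconds_to_exhaust(PRINTABLE_ASCII, length)
        print(f"{length:>2} chars, 95-symbol set: {human(t)}")
    for label, size in (("95-symbol", PRINTABLE_ASCII), ("lowercase", LOWERCASE)):
        n = min_length_to_resist(size, years=100)
        print(f"{label} set needs {n} random characters to last 100 years")
```

Each added character multiplies the search time by the size of the character set, which is why length matters more here than how often the password is changed.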