Colorado Supreme Court

Office of Attorney Regulation Counsel

Promoting Professionalism. Protecting the Public.

Password Protection 101
Take these steps to prevent hackers from guessing your password

Spring 2015

In our inaugural Tech Talk article earlier this year, we stressed the importance of securing your email by using encryption programs, secure email services, or cloud software to keep people from hacking in. But here’s a little secret: You can buy the biggest padlock in the world, but if a criminal can guess the combination, it doesn’t do a lick of good.

We’re talking about passwords. And a strong one is one of the best preventions against exposing your information — and the information of your clients.

What does that look like? A strong password should:

1.      Be at least eight characters long, the longer the better

2.      Include upper and lower case letters and at least one number and one symbol

3.      NOT include any obvious information connected to you (birthdate, children’s names, addresses, etc.)

4.      NOT use common phrases, but instead be grammatically incorrect and substitute numbers for certain letters

5.      NOT be used on multiple accounts.

6.      Be changed regularly

7.      Never be written down

About that last tip. You might wonder “If I’m supposed to have different passwords for different accounts, how do I remember them all.” (In fact, a recent survey showed that 30 percent of us write down our passwords and store them nearby, often in a desk drawer.)

Instead of sticky notes, try a password manager program, which will safely store all your passwords and recall them quickly when you need them.

The threat is not idle. Target, Home Depot and JP Morgan Chase have all suffered serious breaches of their systems in recent years. And small businesses are prone as well. According to a 2013 survey by the National Small Business Association, 44 percent of them have been exposed to cyber attacks.

When hackers attacked the phones of celebrities like Jennifer Lawrence last year, it wasn’t some digital genius cracking an encrypted file. It was what is called a “brute force attack,” in which hackers use software to try a variety of common words or phrases to gain access to a person’s account.

For attorneys, it’s likely not pictures, but rather confidential client information that they want to keep safe. Taking steps to create a strong password is part of the profession’s  duty of confidentiality.

Your passwords are like your house keys. They are the primary barrier preventing malicious and harmful conduct. If someone can obtain them easily then all other security measures are undone. It is well worth the effort to create and maintain strong passwords for all your accounts, both personal and professional.

Brett Corporon is the Director of Technology for the Office of Attorney Regulation Counsel. James Carlson is the Information Resources Coordinator for the Office of Attorney Regulation Counsel.