Category Archives: Passwords

The New Standard for Password Protection.

08 Friday Sep 2017

Posted by in Cybersecurity, Legal Technology, Passwords

Comments Off on The New Standard for Password Protection.

Tags

, ,

Best Practices for Passwords Updated After Original Author Regrets His Advice, by Nick Statt, The Verge

http://bit.ly/2ujlSyz

Did you ever use the word “password” as your password or work for someone who did? Maybe you added “1” at the end to make it more difficult to crack? Before we knew about the dangers of Internet hacking, we often used the same password for everything.

Now most of us use intricate passwords with upper and lowercase letters, numbers, and symbols, and never use the same password twice. Why? Because people like Bill Burr told us that was the best way to stay secure on the Internet.

Unfortunately, using irregular capitalization, numbers, and special characters, made our passwords easier to predict. We made it worse. We got lazy.  When we changed our passwords, often we would replace only a character or two at the most. This made our passwords easier to crack, and did little or nothing to make them more secure.

Now Mr. Burr encourages us to ignore his earlier advice, even though some of these complex passwords have stood the test of time. Unless you use a password generator, the advice now is to use random phrases that have no apparent connection. Happily, they are easier to remember and harder to crack at the same time. -CCE

Do You Use the Cloud for Document Storage or Production? Read This First.

28 Tuesday Feb 2017

Posted by in Attorney Work Product, Attorney-Client Privilege, Clouds, Confidentiality, Discovery, Dropbox, Emails, Encryption, Evidence, Insurance Defense, Legal Ethics, Legal Technology, Litigation, Passwords, Privilege and Confidentiality, Requests for Production, Sanctions, Subpoena Duces Tecum

Comments Off on Do You Use the Cloud for Document Storage or Production? Read This First.

Tags

, , , , , , , ,

Upload To File-Sharing Site Was Like Leaving Legal File On A Bench, Judge Says; Privilege Is Waived, by Debra Cassens Weiss, ABA Journal©

http://bit.ly/2mxwEcF

Many use the cloud for file storage and sharing when attachments are too big to send by email. If you use the cloud for storage, file-sharing or transfer, document management, project management, or anything similar, here is a cautionary tale.

The plaintiff insurance company sued the defendants, and sought a declaratory judgment on the defendants’ claim of loss by fire. The plaintiff’s investigator uploaded the entire claims file, including surveillance footage, to a drop-box cloud, Box, Inc. The link had no encryption or password. Access to the link alone allowed anyone to see the file.

He then sent the link by email to the plaintiff insurance company, who sent it to the insurance company’s attorneys, who inadvertently sent it the defendants’ counsel in response to a subpoena duces tecum.

The defendants’ counsel looked at it, but didn’t tell the plaintiff they had seen the privileged and confidential information. Inevitably, the defense sent the information back on a thumb drive to the plaintiff’s attorneys during discovery.

After vigorous arguments about confidentiality, work-product doctrine, attorney-client privilege, and disqualification of defense counsel, the facts and court’s reasoning make this an interesting read. -CCE

Law Offices Targeted By Hackers.

26 Tuesday Jan 2016

Posted by in Cybersecurity, Disaster Preparedness, Law Office Management, Legal Technology, Passwords, Technology

Comments Off on Law Offices Targeted By Hackers.

Tags

, , , ,

The Lawyers’ Guide to Hacking Threats, by Karen Conroy, Lawyerist.com

http://bit.ly/1POLdz2

International security authorities spent close to two years pursuing a criminal site called Darkode, where hackers could buy and sell malware meant to steal information. On the international site, which could only be accessed with a referral and a password, hackers advertised and sold their homemade software. Criminals who bought it could steal anything from Facebook follower lists to database account passwords.

*        *        *

Law firms are especially tempting to cyber criminals because of the value of the sensitive information stored on their networks. A majority of law firms have experienced some sort of hacking, with law firms that handle government contracts and international business being targeted most often. About 80% of the largest 100 law firms have experienced some sort of violation. . . .

Continue reading

2016 Tech Resolutions.

02 Saturday Jan 2016

Posted by in Android Phones, Cell Phones, Cybersecurity, Legal Technology, Passwords, Windows 10

Comments Off on 2016 Tech Resolutions.

Tags

, , , , ,

7 Technology Resolutions for a Better 2016, by Ian Paul, PC World

http://bit.ly/1R6wrcE

You may be ahead of the tech curve – maybe not. My bet is that you already have a smart phone and you probably have an iPad or some type of tablet reader. What about the rest of the things on this list? You have not want more than the tech you already have, but here’s some food for thought that scrapes the top of the tech iceberg. -CCE

More Goodies from iPhone J.D.

27 Saturday Jun 2015

Posted by in Apple, Apps, Cell Phones, iPad, iPhones, Legal Technology, Passwords

Comments Off on More Goodies from iPhone J.D.

Tags

, , , , ,

In the news, by Jeff Richardson, iPhone J.D. Blog

http://www.iphonejd.com/iphone_jd/2015/06/in-the-news297.html

The latest and greatest from Jeff Richardson. Good discussion on ways to make text messages look good at trial. New iPhone apps. The sale on the password manager app is too good to pass up. I particularly like the idea of using the Apple Watch for map directions. As always, Mr. Richardson shares the good stuff. -CCE

Lawyers Have Ethical Duty To Ensure Password Security.

19 Friday Jun 2015

Posted by in Cybersecurity, Legal Technology, Passwords

Comments Off on Lawyers Have Ethical Duty To Ensure Password Security.

Tags

, , , ,

Hackers Are Hacking; You Need A Password Manager, by Jeff Richardson, iPhone J.D.

http://tinyurl.com/ofet7ar

Password security has been in the news again this week, and I’m using this as an opportunity to remind all iPhone J.D. readers — especially all of us attorneys with a duty a protect confidential attorney-client information — that we ought to be using complex, different passwords. . . .

Continue reading

Don’t Have A PIN Lock On Your Phone? Hope Your Malpractice Insurance Is Up To Date.

16 Monday Feb 2015

Posted by in Android Phones, Attorney Discipline, Blackberry Phones, Cell Phones, Confidentiality, Cybersecurity, E-Filing, Emails, iPad, iPhones, Law Office Management, Legal Ethics, Legal Technology, Malpractice, Office Procedures, Passwords, Rules of Professional Responsibility, Supervising Support Staff, Technology, Technology

Comments Off on Don’t Have A PIN Lock On Your Phone? Hope Your Malpractice Insurance Is Up To Date.

Tags

, , , , , , , , , ,

Most Consumers Don’t Lock Mobile Phone Via PIN, by Ed Hansberry, DARKReading, InformationWeek©

http://tinyurl.com/plw76ut

My guess is that most people who use a smart phone access some kind of confidential information, such as your bank account or conversations with a client or the office. If you do not have a PIN lock on your smart phone, this truly is special kind of stupid.

This is not a hard one to understand. If you use your cell phone to communicate with clients, sync your phone to your office computer and docket, or attach yourself to your office and confidential information – without taking simple, basic security measures – you are  inviting a dangerous breach of confidentiality. -CCE

44% of respondents say it’s too much of a hassle, new survey reports.

People put a lot of sensitive info on their phones, but they often give little though to how secure their data is. In a survey by a security company, over half of the respondents said they didn’t bother with a PIN lock. This takes on a whole new dimension when you begin to understand how many of these people keep corporate data on the device.

Losing an unlocked phone can be far worse than losing a wallet. Emails on the device alone can reveal a wealth of information about the person, including where they bank, where they live, names of family members, and more. If company email is on the device, and it often is, there can be competitive information, salaries, system passwords, etc. If any of those emails contain links, often clicking on it will take you into the website, be it Facebook or a corporate portal.

According to Confident Technologies, 65% of users have corporate data on their phone, even though only 10% actually have a corporate issued device.

For that majority that don’t lock their phone at all, 44% said it is too much of a hassle to lock it and 30% said they weren’t worried about security. These are likely the same people that store things like social security numbers, passwords, and other sensitive information in text files or basic note applications. They may even store their computer’s password on a Post-It Note in their center desk drawer. . . .

Continue reading

iPriviledge – Is It Legal To Be Forced To Use Your Fingerprint To Unlock Your iPhone?

05 Wednesday Nov 2014

Posted by in Admissibility, Appellate Law, Apple, Cell Phones, Civil Rights, Criminal Law, Evidence, Fifth Amendment, iPad, iPhones, Legal Technology, Passwords

Comments Off on iPriviledge – Is It Legal To Be Forced To Use Your Fingerprint To Unlock Your iPhone?

Tags

, , , , , , , , ,

iPrivilege: Virginia Beach Judge Finds Prosecution Can Force Defendant To Supply Fingerprint To Unlock iPhone, by Evidence ProfBlogger, Editor Colin Miller, EvidProf Blogger

 http://tinyurl.com/lyvlk4o

In relevant part, the Fifth Amendment states that:

“No person…shall be compelled in any criminal case to be a witness against himself….”

The Supreme Court has stated that the Fifth Amendment only covers “testimonial” evidence that results from compelled communicative acts, i.e., acts which disclose the content of one’s mind. Therefore, the Fifth Amendment does not cover a suspect’s act of appearing in a lineup or giving a blood sample to determine whether there are drugs in his system. The Fifth Amendment also does not cover the act of completing a handwriting exemplar. Imagine that the police find an alleged confession note written by the defendant. The prosecution can force the defendant to complete a handwriting exemplar in which the defendant writes a pre-printed paragraph in his handwriting so that a handwriting expert can compare the exemplar and the confession note. All of these and similar acts are not communicative because they are nontestimonial in that they do not force the defendant to disclose the contents of his mind.

What about if the defendant has encrypted files on his computer? Can the prosecution force the defendant to decrypt them? Some courts have said no. Other courts have said yes.

Can the prosecution force a defendant to supply his fingerprint to use for the TouchID on his iPhone? For the last year, I’ve used this article to teach my students that a judge could likely order a defendant to supply his fingerprint to unlock his iPhone. Recently, this possibility has become a reality.

According to an article in SlashGear:

[A] judge has ruled that you can be forced to relinquish your fingerprint to investigators seeking access to your device. The reason, says the judge, is that the fingerprint isn’t knowledge like a password, but is instead a physical object of sorts, like a key or a DNA sample.

The ruling was made recently by Virginia Beach Circuit Court Judge Steven Frucci, and was the result of a case against EMS captain David Baust, who was accused of attempted murder. The case’s prosecutors wanted access to Baust’s phone, believing that it might have a video of the alleged crime, but the defendant’s lawyer argued against this.

And, according to an article in the Huffington Post:

[I]t’s unclear how the ruling will impact Baust’s case. If his phone is protected by Touch ID, prosecutors could access it using Frucci’s ruling. If the phone is protected by a passcode or both a passcode and Touch ID, they can’t . . . .

One workaround to this issue could be to just turn off your phone if cops approach. In that case, you’d have to enter your four-digit pin when you turn it back on, even if you use Touch ID. . . .

Want Stronger Passwords? Here’s How.

11 Saturday Oct 2014

Posted by in Legal Technology, Passwords

Comments Off on Want Stronger Passwords? Here’s How.

Tags

, , , , , ,

Make Your Passwords Harder To Crack, by Kerry Davis, PCWorld

http://tinyurl.com/ahnpsk4

There’s nothing you can do if hackers get into a database with your password in it, but you can still protect yourself for all the other worst-case scenarios involving hacking. In this video, we go over ways to make your passwords harder to crack. [Video found at PCWorld link.-CCE]

First, don’t make it easy on hackers by choosing a common password. Splashdata uses security breaches to gather ‘most popular passwords’ lists each year. The word ‘password’, number sequences, and other simplistic phrases or numbers fill the top spots. Also, don’t use your name, a password related to another one you might have on a different site, or a login name.

Instead, experts recommend using 15 characters, upper-case letters, better yet nonsensical words with special characters and numbers inside them.

Need help? Check out some free websites, like Strong Password Generator. This Macworld article on security in the iCloud age also has some suggestions on strong password creation.

Log In With Your Thumb – Now There’s An App For That.

20 Saturday Sep 2014

Posted by in Apple, Apps, Cybersecurity, iPad, iPhones, Legal Technology, Mac, Passwords

Comments Off on Log In With Your Thumb – Now There’s An App For That.

Tags

, , , , , , , ,

App of the Week: 1Password – Login to Apps and Sites with Your Thumb, by Tim Baran, Legal Productivity Blog

http://tinyurl.com/kw24hjs

Everyone should be using a password manager. It provides a strong, unique password for each online account and keeps them all in a secure, encrypted, yet quickly accessible place. Our favorite, 1Password, just got even better.

Here are three of the many new enhancements:

  • Login to Apps – Use 1Password to log into a growing list of your favorite apps and even update your passwords—all with just a tap!
  • Login to sites in Safari browser on your iPhone – You can now fill 1Password Logins directly within Safari.
  • Unlock with your thumb – After unlocking with your Master Password, get back into your vault in 1Password, Safari, and your favorite apps with just your thumb on devices with Touch ID. Check Settings > Security to learn how this works and pick your auto-lock time.

And, for the first time, 1Password is free for iOS devices.

I’ve used 1Password for a couple of years on my desktop, phone and iPad, and it’s quickly become indispensable. And, it keeps getting better!

Survey Says! iPhone Top Choice Among Attorneys.

24 Sunday Aug 2014

Posted by in Android Phones, Blackberry Phones, Cell Phones, Cybersecurity, iPad, iPhones, Law Office Management, Legal Ethics, Legal Technology, Mac, Passwords, Tablets, Technology, Technology

Comments Off on Survey Says! iPhone Top Choice Among Attorneys.

Tags

, , , , , , , , ,

2014 ABA Tech Survey Shows More Attorneys Using iPhones, But iPad Use Holds Steady, by Jeff Richardson, iPhone J.D. Blog

http://tinyurl.com/pxmhlf6

Every year, the ABA Legal Technology Resource Center conducts a survey to gauge the use of legal technology by attorneys in the United States.  My thoughts on the prior reports are located here:  2013, 2012, 2011, 2010.  No survey is perfect, but the ABA tries hard to ensure that its survey has statistical significance, and every year this is one of the best sources of information on how attorneys use technology.  Yesterday, the ABA released Volume VI of the report titled Mobile Lawyers.  This year’s report once again shows that a large number of attorneys are using iPhones and iPads.

Six out of ten attorneys now use an iPhone

In both 2014 and 2013, the survey revealed that 91% of attorneys use a smartphone.  (In 2012 the number was 89% and in 2011 the number was 88%.)  For the past four years, there has been a slight correlation between law firm size and smartphone use.  In 2014, for example, 86% of solo attorneys reported using a smartphone, 89% in firms of 2 to 9 attorneys, 95% in firms of 10 to 49 attorneys, and for firms with 100 or more attorneys, 96% use a smartphone.  As a whole, though, it is fair to say that the survey consistently shows around nine out of every ten attorneys use a smartphone. . . .

Is It Time For A “Bring Your Own Device” Policy for Your Law Office?

01 Tuesday Jul 2014

Posted by in Android Phones, Apple, Blackberry Phones, Cell Phones, Clouds, Computer Forensics, Confidentiality, Cybersecurity, Disaster Preparedness, Emails, Encryption, Google, Intellectual Property, iPad, iPhones, Law Office Management, Legal Blogs, Legal Ethics, Legal Technology, Mac, Management, Marketing, Passwords, PC Computers, Social Media, Supervising Support Staff, Tablets, Technology, Using Social Media

Comments Off on Is It Time For A “Bring Your Own Device” Policy for Your Law Office?

Tags

, , , , , , , , , , , ,

Mobile Device Security for Lawyers: How Solos and Small Firms can Ethically Allow Bring Your Own Device, by Will Harrelson, Curo Legal Blog (with hat tip to Jeff Richardson, iPhone J.D. Blog!)

http://tinyurl.com/lrrnp7g

The Start of Bring Your Own Device Policies

It really is the iPhone’s fault. Yes, Apple is to blame for designing the most desirable piece of technology of the last decade. So desirable, in fact, that employees of all stripes requested (and, often, begged) their IT departments to toss the increasingly-‘corporate’ Blackberry out the window and allow the use of their personal iPhones for corporate emails and calls. As a result, we have been living in the age of ‘Bring Your Own Device’ where employees use a single personal mobile phone (or tablet) for both their personal email, texting, and social media while also using it for work email, word processing, and other enterprise applications.

Before the Bring Your Own Device era, a company’s greatest out-of-office security concern was an employee who left a briefcase in a taxi. Today, the worry is an employee misplacing a device the size of wallet containing almost limitless amounts of data that criminals or hackers would easily and quickly exploit if given the chance. Clearly, there is an obvious financial motivation for all businesses to protect their own or customer’s sensitive data.

However, lawyers face particular ethical consequences if they fail to take reasonable efforts to either investigate the technologies that they implement or protect their client’s confidential information. . . .

Worst Passwords in 2013.

27 Sunday Apr 2014

Posted by in File Naming Conventions, Law Office Management, Legal Technology, Office Procedures, Passwords

Comments Off on Worst Passwords in 2013.

Tags

, , , ,

 The 25 Worst Passwords Of 2013: ‘Password’ Gets Dethroned, by Jared Newman, PC World

http://bit.ly/1ePbr3c

‘123456’ is finally getting some time in the spotlight as the world’s worst password, after spending years in the shadow of ‘password.’

Security firm Splashdata, which every year compiles a list of the most common stolen passwords, found that ‘123456’ moved into the number one slot in 2013. Previously, ‘password’ had dominated the rankings.

The change in leadership is largely thanks to Adobe, whose major security breach in October affected upwards of 48 million users. A list of passwords from the Adobe breach had ‘123456’ on top, followed by ‘123456789’ and ‘password.’ The magnitude of the breach had a major impact on Splashdata’s results, explaining why ‘photoshop’ and ‘adobe123’ worked their way onto this year’s list.

Fans of ‘password’ could reasonably petition for an asterisk, however, given that the stolen Adobe passwords included close to 100 million test accounts and inactive accounts. Counting those passwords on the list is kind of like setting a home run record during batting practice. Don’t be surprised if “password” regains the throne in 2014. . . .

The Mashable Hit List.

13 Sunday Apr 2014

Posted by in Android Phones, Apps, Cell Phones, Clouds, Computer Virus, Disaster Preparedness, Dropbox, Emails, Encryption, Google, Heartbleed, Identity Theft, Law Firm Web Sites, Law Office Management, Legal Blogs, Legal Technology, Malware, Office Procedures, Passwords, PC Computers, Search Enginges, Technology, Using Social Media

Comments Off on The Mashable Hit List.

Tags

, , , , , , , ,

The Heartbleed Hit List: The Passwords You Need to Change Right Now, The Mashable Team

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

If you wondered whether any main specific websites are affected, such as Yahoo, this list will help you.  It will also help explain the Heartbleed bug,  and why you should pay attention to what it is. If you want to know whether your specific bank was compromised, this list may not answer all your questions. So, if you’re not sure whether you should change your password, go ahead and do it.

Even better, find a password manager in this list of the best of the best from PC Magazine by Neil J. Rubenking — http://www.pcmag.com/article2/0,2817,2407168,00.asp. If you use one password for more than one website — and lots of people do — this is a good solution and a wise move regardless of the Heartbleed bug. -CCE

 

Stolen Passwords – Is It Too Late?

07 Saturday Dec 2013

Posted by in Adobe Acrobat, Passwords, Search Enginges, Using Social Media

Comments Off on Stolen Passwords – Is It Too Late?

Tags

, , , ,

How to find out if your password has been stolen, by Larry Seltzer for Zero Day, ZDNet Blog

http://tinyurl.com/qcgnlzx 

There are many public databases of breached accounts, the largest breach being that of Adobe.com, but no way to search across all of them. Until now.

Two Million Passwords Stolen from Google, Yahoo, ADP, and Social Media – Make Sure Yours Wasn’t One of Them.

07 Saturday Dec 2013

Posted by in Passwords, Recent Links and Articles, Social Media

Comments Off on Two Million Passwords Stolen from Google, Yahoo, ADP, and Social Media – Make Sure Yours Wasn’t One of Them.

Tags

, , , , , , , , ,

Two Million Stolen Facebook, Twitter, Yahoo, ADP Passwords Found on Pony Botnet Server, by Violet Blue for Zero Day, ZDNet Blog

http://tinyurl.com/pnw3o72

This website also includes a way to find out whether your passwords were stolen. – CCE

Summary: Trustwave’s SpiderLabs found a Pony Botnet Controller server holding over two million passwords and account credentials for ADP payroll, Facebook, Twitter, Yahoo and more belonging to victims around the world.

     *        *     *

Interest turned to stunned surprise when the researchers uncovered a Pony Botnet server stabling over two million account credentials and passwords for Facebook, Yahoo, Google, Twitter, Linkedin, Odnoklassniki (the second largest Russian social network site) and more.

App to Secure Your Logins, Documents, and Pictures

19 Saturday Oct 2013

Posted by in Android Phones, Apps, iPad, iPhones, Legal Technology, Passwords, Tablets

Comments Off on App to Secure Your Logins, Documents, and Pictures

Tags

, , , , , ,

App Of The Week: OneSafe Password Manager – Secure Your Logins, Documents And Pictures, by Tim Baran, Legal Productivity
http://bit.ly/16ncoLv