Privacy and Security Tips for Avoiding Financial Chaos

Citation metadata

Date: Fall 2018
From: American Journal of Family Law (Vol. 32, Issue 3)
Publisher: Aspen Publishers, Inc.
Document Type: Article
Length: 4,032 words
Lexile Measure: 1320L

Article Preview:

Below are tips for avoiding financial chaos in a law office.

SINGLE FACTOR AUTHENTICATION

Single-factor authentication uses a single verification step to confirm your right to access an account. Most sites employ the standard username and password to authenticate your right to access (that counts as single factor even though you need to have both). Although not perfect, this approach is a foundation-level security step. You can take precautions to make this a more solid and reliable step by selecting a strong password and keeping it secure.

There are many benefits to incorporating a routine change of passwords into your practice. For one, it limits how long a stolen password is useful to the data thief. If someone stole your password and operated undetected, you would cut off their access by routinely changing your password, mitigating the damage done. Most security guidelines suggest you change your passwords every 30 to 180 days.

However, there are studies available that indicate that routinely changing your passwords will not increase your security. Microsoft conducted one such study in 2009, which revealed that mandatory password changes cost billions in lost productivity and cause endless frustration to employees. There was little security payoff, since users routinely choose variations of the same simple password (e.g., password2016). Security expert Bruce Schneier wrote in one of his blogs that most attackers will not be passive. If they gain access to your financial information, they will most likely transfer your money out of your account right away, so even changing your password every 30 days would not save you. On the private network at your law office, a targeted attacker might be stealthier and hang around to eavesdrop, but more than likely the hacker will ditch the password and install a backdoor access program. A backdoor program will allow the hacker access to your computer whenever it is on the Internet. Regular password changes will not close this backdoor access.

Add to this chaos the fact that hackers have access to machines that can break 348 billion NTLM password hashes per second (NTLM is a password encryption algorithm used in Windows). At 348 billion hashes per second, this hardware can crack any 8-character password in around 5-1/2 hours. This supports the idea that routinely changing the passwords for your financial and network accounts won't do you much good. Your best practice would be to evaluate how secure your password is, and perhaps change it every few years as hacking equipment evolves. If you want to get an idea about how long it would take a hacker to identify your password, check out any of these websites:

* Microsoft's Password Checker (https://www.microsoft.com/security/pc-security/passwordchecker.aspx)

* https://howsecureismypassword.net/

* http://www.roboform.com/how-secure-is-mypassword

*NOTE: As an extra security measure, when checking the strength of your password, don't use your actual password, but one that mirrors it in terms of length and character variety.
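The arithmetic behind the 5-1/2 hour figure, combined with the note above, as an added example that is not part of the original article: it builds a random stand-in with the same length and character variety as a password, then estimates the worst-case exhaustive search time at the quoted 348 billion hashes per second. The function names, the 95-symbol printable-ASCII alphabet and the sample password are assumptions made for this illustration.

```python
import secrets
import string

HASH_RATE = 348e9  # NTLM hashes per second, the figure quoted in the article

# Assumption: only printable ASCII is modelled (26 + 26 + 10 + 33 = 95 symbols).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}


def class_of(ch):
    """Return the name of the character class ch belongs to."""
    for name, chars in CLASSES.items():
        if ch in chars:
            return name
    raise ValueError("only printable ASCII is modelled here")


def mirror(password):
    """Random stand-in with the same length and per-position character class."""
    return "".join(secrets.choice(CLASSES[class_of(ch)]) for ch in password)


def alphabet_size(password):
    """Number of symbols an exhaustive search must cover for this password."""
    return sum(len(CLASSES[name]) for name in {class_of(ch) for ch in password})


def worst_case_hours(length, alphabet, rate=HASH_RATE):
    """Hours needed to try every candidate of exactly `length` characters."""
    return alphabet ** length / rate / 3600


if __name__ == "__main__":
    # The article's case: any 8-character password over all 95 symbols.
    print(f"8 chars, 95 symbols: {worst_case_hours(8, 95):.1f} hours")
    sample = "Spring2018!x"  # constructed sample, not a real password
    stand_in = mirror(sample)
    size = alphabet_size(stand_in)
    years = worst_case_hours(len(stand_in), size) / (24 * 365)
    print(f"stand-in {stand_in!r}: {size} symbols, about {years:.3g} years")
```

Each extra character multiplies the worst-case time by the alphabet size, which is why length matters more than the rotation schedule. A password found in a wordlist or built from a predictable pattern falls far faster than this upper bound suggests.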

You should change some passwords though, especially if your life circumstances change, such as following a break up or divorce. You should also routinely change passwords for communication-type...

Source Citation

Gale Document Number: GALE|A555588859