The following is an excerpt from practicePRO’s Managing the Security and Privacy of Electronic Data in a Law Office booklet.

Creating “strong” passwords

Create passwords that are harder to guess or figure out. These are called strong passwords, and they are more difficult for password-cracking tools to determine. Password-cracking software uses one of three approaches: intelligent guessing, dictionary attacks, and automation. Automation is sometimes called brute force, as it simply tries every possible combination of characters. Given enough time, the automated method can crack any password. However, it can still take months to crack a strong password.

For a password to be “strong”, it should:

  • Be at least eight characters long;
  • Contain at least one character from each of the following four groups:
      • Uppercase letters A, B, C, …;
      • Lowercase letters a, b, c, …;
      • Numerals 0, 1, 2, 3, 4, 5, 6, 7, 8, 9; and
      • Symbols (all characters not defined as letters or numerals), including: ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | [ ] \ : " ; ' < > ? , . /
  • Have at least one symbol character in the second through sixth positions;
  • Be significantly different from any passwords you have used previously;
  • Not contain your name or your computer user name; and
  • Not be a common word or name.
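
The checklist above can be applied mechanically when a password is set or changed. The Python check below is an added example, not part of the practicePRO booklet; the function names, the sample word list and the 0.6 similarity cut-off used for "significantly different" are assumptions made for illustration.

```python
import difflib

# Constructed sample list (assumption); in practice load a large dictionary
# of common words and names.
COMMON_WORDS = {"password", "welcome", "lawyer", "jennifer", "toronto"}
SIMILARITY_LIMIT = 0.6  # assumed cut-off for "significantly different"


def is_symbol(ch):
    # The checklist defines symbols as anything that is not a letter or numeral.
    return not ch.isalnum()


def check_password(password, names=(), previous=(), common=COMMON_WORDS):
    """Return the checklist rules the password fails; an empty list means strong."""
    failures = []
    lower = password.lower()
    if len(password) < 8:
        failures.append("length")
    groups = {
        "uppercase": str.isupper,
        "lowercase": str.islower,
        "numeral": str.isdigit,
        "symbol": is_symbol,
    }
    for group, test in groups.items():
        if not any(test(ch) for ch in password):
            failures.append("missing " + group)
    # Positions two through six, counted from one, are slice [1:6].
    if not any(is_symbol(ch) for ch in password[1:6]):
        failures.append("symbol position")
    if any(n and n.lower() in lower for n in names):
        failures.append("contains name")
    # A password with all four groups is never a bare word, so compare its
    # letters only (assumption): "Pass!word1" still reduces to "password".
    if "".join(ch for ch in lower if ch.isalpha()) in common:
        failures.append("common word")
    # Earlier passwords are supplied by the caller at change time.
    for old in previous:
        ratio = difflib.SequenceMatcher(None, lower, old.lower()).ratio()
        if ratio >= SIMILARITY_LIMIT:
            failures.append("similar to previous")
            break
    return failures
```

A password that meets every character rule can still be rejected for containing the user name or for being a small variation on the previous password, which is why those checks run independently of the character-group checks.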

Treating passwords as confidential keys to your computer helps properly secure your firm and client data.