With IoT (Internet of Things) connecting us to devices to do everything from adjusting the thermostat to giving travel directions, it can seem like an impossible task to manage all the passwords we use on a daily basis. It is vitally important that every device networked to our law office are protected by strong passwords.
NIST (National Institute of Standards and Technology) revised their guidance on passwords. Since 2003, the accepted advice on password security suggested by NIST typically recommended having passwords with special characters, capital letters and numbers, that are changed every 30 – 90 days. NIST revised its guidelines to recommend instead strong passwords that consist of a “passphrase,” that is a “memorized secret” of a sequence of words or other easy to remember text, but not easily guessed by hackers.
In tandem with strong passwords, use Two factor authentication (2FA) or multiple factor authorization (MFA). This simple step can add an extra layer of protection to all your devices.
However you generate and use your passwords, be sure you record in a safe place, off-site from where you devices are kept, the key to your password manager or to all your devices. This should NOT be kept in a spreadsheet labeled “Passwords”! This is needed in the event something happens to you and access is needed to your devices.