eDiscovery Daily Blog

An Insufficient Password Will Leave You Exposed – eDiscovery Best Practices

In the first year of our blog (which now has over 1,000 posts!), we published a post regarding the importance of a strong password.  Given recent events with the Home Depot data breach and several celebrities’ accounts being hacked on Apple’s iCloud, it seems timely to revisit and update the topic.

As a cloud software provider, we at CloudNine Discovery place a premium on the security of our clients’ data.  For example, the servers hosting data for our OnDemand® platform are housed in a secured, SAS 70 Type II certified Tier 4 Data Center in Houston (which is where our headquarters is).  The security at this data center is military grade: 24 x 7 x 365 onsite security guards, video surveillance, biometric and card key security required just to get into the building.  Not to mention a building that features concrete bollards, steel lined walls, bulletproof glass, and barbed wire fencing.

Pretty secure, huh?  However, no matter how secure a system is, whether it’s local to your office or stored in the “cloud”, an insufficient password that can be easily guessed can allow hackers to get in and steal your data.  Some dos and don’ts:

Dos:

  • If you need to write passwords down, write them down without the corresponding user IDs and keep them with your passport, social security card and other important documents you’re unlikely to lose.  Or, better yet, use a password management application that encrypts and stores all of your passwords.
  • Mnemonics make great passwords.  For example, “I work for CloudNine Discovery in Houston, Texas!” could become a password like “iw4C9diht!”. (by the way, that’s not a password for any of my accounts, so don’t even try)  😉
  • Change passwords every few months.  Some systems require this anyway.  You should also change passwords immediately if your laptop (or other device that might contain password info) is stolen.

Don’ts:

  • Don’t use the same password for multiple accounts, especially if they have sensitive data such as bank account or credit card information.
  • Don’t email passwords to yourself – if someone is able to hack into your email, then they have access to those accounts as well.
  • Personal information may be easy to remember, but it can also be easily guessed, so avoid using things like your kids’ names, birthday or other information that can be guessed by someone who knows you.
  • As much as possible, avoid logging into sensitive accounts when using public Wi-Fi as it is much easier for hackers to tap into what you’re doing in those environments.  Checking your bank balance while having a latte at Starbucks is not the best time.

The strongest passwords, the ones most difficult to crack, generally have the following components.  Many systems require one or more of them; OnDemand requires at least three of the four:

  • Length: Good passwords are at least eight characters in length.  Longer passwords may be more difficult to enter, but you get used to entering them quickly.
  • Upper and Lower Case: Include at least one upper case and one lower case character.  For best results, don’t capitalize the first character (harder to guess).
  • Number: Include at least one number.  If you want to be clever, “1” is a good substitute for “i”, “5” for “s”, “4” for “for”, etc.
  • Special Character: Also include at least one special character, for best results not at the beginning or end of the password.
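To make the four components concrete, here is a small password-policy checker written for this post; it is an added example, not code from CloudNine Discovery or the OnDemand platform, and the function names, the 8-character minimum and the “at least three of four” acceptance rule are taken from the text above as assumptions about how such a policy would be coded.  It also reports the two “for best results” hints (no capitalized first character, no special character at either end) as advisory notes rather than hard failures.

```python
import string

# Thresholds follow the blog post; "at least three of four" is the
# acceptance rule the post attributes to OnDemand (assumed, not its API).
MIN_LENGTH = 8
REQUIRED_COMPONENTS = 3
SPECIALS = set(string.punctuation)


def component_checks(password: str) -> dict:
    """Evaluate the four components the post lists: length, mixed case,
    a digit, and a special character.  Each value is True when satisfied."""
    return {
        "length": len(password) >= MIN_LENGTH,
        "mixed_case": any(c.islower() for c in password)
        and any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "special": any(c in SPECIALS for c in password),
    }


def advisory_notes(password: str) -> list:
    """The post's 'for best results' hints.  These do not fail the check;
    they are returned so a user interface can surface them as suggestions."""
    notes = []
    if password and password[0].isupper():
        notes.append("first character is capitalized")
    if password and (password[0] in SPECIALS or password[-1] in SPECIALS):
        notes.append("special character sits at the beginning or end")
    return notes


def evaluate(password: str) -> dict:
    """Apply the component checks and the 'at least three of four' rule.
    Returns the individual results, the count satisfied, the accept/reject
    decision, and any advisory notes."""
    checks = component_checks(password)
    satisfied = sum(checks.values())
    return {
        "checks": checks,
        "satisfied": satisfied,
        "accepted": satisfied >= REQUIRED_COMPONENTS,
        "notes": advisory_notes(password),
    }


if __name__ == "__main__":
    # Constructed sample inputs: the post's own mnemonic example, a weak
    # dictionary word, and a common "one of each" pattern.
    for candidate in ("iw4C9diht!", "password", "Passw0rd"):
        result = evaluate(candidate)
        print(candidate, "->", "accepted" if result["accepted"] else "rejected",
              f"({result['satisfied']}/4)", "; ".join(result["notes"]))
```

Note that the post's own mnemonic, “iw4C9diht!”, satisfies all four components but ends with a special character, so the checker accepts it and attaches the advisory note about placement; that is the intended split between hard requirements and best-practice hints.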

When you follow the best practices above, your password should be much more difficult to hack, keeping you from feeling “exposed”.

So, what do you think?  How secure are your passwords?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.
