Comment 8: Is This Thing On?

I was reminded today about the importance of passwords. Right off the bat we all know why they are important: passwords are a way we protect accounts and data by limiting access. This is all well and good until the, unfortunately common, worst-case scenario comes up.

What happens when you forget your password?

Strategy One: Rapid-firing every password you’ve ever had in the hopes that you get lucky.

What you think will happen: You get lucky.

What will probably happen: You’ll make the problem worse.

But why?: One of the easiest and most common types of cyber-attacks is called brute forcing. Brute forcing automates the same thing you are doing when you try to get lucky by entering every password you’ve ever used: the attacker's tool literally throws hundreds or thousands of passwords a minute at the login. To defend against this type of attack, sites will often lock out a user who has entered the wrong password too many times.

These lockouts can be timed (lasting from minutes to days) or you may need to contact support to authenticate yourself before your account is unlocked. You can see how this can make a bad problem worse.

Strategy Two: Using the tools available to reset your password.

What you think will happen: Your password will quickly be reset and you won’t be inconvenienced.

What will probably happen: There are a whole bunch of little things that can go wrong.

But why?: The process to reset your password is usually dependent on several different systems. One reason for this is that it makes it more difficult to reset your password, and this difficulty helps make your account more secure. That is why a password reset is usually communicated through a second channel (like an email address or your phone). But what if you forgot the password to your email? What if you don’t have your phone? What if you do have your phone but the network is down, so you can’t get a call or SMS text?

These are just a few of any number of possibilities that can arise when resetting your password.

Strategy One and Two are often combined by users and become a cycle of lockouts, resets, and new passwords. You make a new password. You forget your new password. You make a new password. I see this from users all the time, but you can break the cycle.

Strategy Three: Get a password manager.

What you think will happen: You’ll only have to remember one password.

What will probably happen: You’ll really only have to remember one password.

But why?: Because the password manager remembers your passwords for you. Seriously, I’ve talked about all this before.

 


The ABA Rules of Professional Conduct, Model Rule 1.1 Comment 8 requires, “To maintain the requisite knowledge and skill, a lawyer shall keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” To that end, we have developed this regular series to develop the competence and skills necessary to responsibly choose and use the best technologies for your educational and professional lives. If you have any questions, concerns, or topics you would like to see discussed, please reach out to e.koltonski@csuohio.edu.