Why everyone in the legal profession needs to use a password manager

September 9, 2020

In a 2018 Legal Technology Survey Report, 23% of attorneys and law firms experienced a data breach. Cybersecurity issues have been a significant concern for law firms as they try to enhance law firm security. Cybercriminals target law firms to access client information like business plans and trade secrets.

As such, it’s no longer business as usual for lawyers. They can’t continue assuming that their document systems are safe or of no interest to these criminals. Unfortunately, only 24% of lawyers use a password manager on their networks.

Enhancing law firm security should be a top priority for any law firm that cares about its reputation. Securing a firm’s data is not a one-time thing, as the threats are continually changing. Let’s look at the importance of secure passwords and how a law firm can have them.

A. What Makes a Password Not Secure?

People who use passwords that are easy to guess are targeted by hackers all the time. Unfortunately, plenty of people are still using ‘123456’ and ‘password’ as their password. Regardless of the danger, people keep using them for one important reason —

They are easy to remember.

Today, people have one password for everything. Even if they can remember one long random string of letters, numbers, and symbols, that’s not enough. Password safety 101 dictates not using the same password for multiple accounts.

This is why people keep using secure passwords. It’s merely more convenient until it isn’t.

B. What Makes Lawyers a Target?

Most people assume they are safe and that hackers are too busy targeting high-profile people and government agencies, but that simply isn’t true.

Remember what we said at the beginning? — nearly a quarter of all law firms experienced a data breach in one year alone.

Lawyers handle a lot of sensitive data for their clients, and hackers are eager to get their hands on it. Law firms have a duty to their clients to protect this data to the best of their ability.

C. The Easy Way to Secure Data

So, what is the best way to secure data? It’s unreasonable to expect to remember multiple long strings of random characters, but strong passwords are an essential security tool for defeating hackers.

This is why many people are using password managers. These handy apps generate strong passwords complete with numbers, letters, special characters, emojis, and whatever else for every online account. Then, users securely store them and input them when required.

The user has to remember only one master password to access the app. The app can be downloaded across multiple devices. Secure, strong passwords are available for all accounts with ease.

D. Stay Secure

Lawyers are busy people. Generating and memorizing lists of strong passwords for their online accounts is not high on their priority list while securing client data should be.

Using a password manager takes all the effort out of the process. Your firm’s lawyers don’t even have to create the password; The app takes care of everything.

A data breach can devastate a law firm, costing thousands of dollars and damaging its reputation. Don’t let your firm be the next to take a hit. Get started with a secure password manager today!

When a hacker wants to break a password, the first step will be a dictionary lookup attack, which means that multiple words from the dictionary are entered as the password. This will break into 25% of accounts and only takes seconds. That is why companies encourage you to create a complex password that has numbers, characters, upper and lower case letters, and symbols.

The password “norman” has 320,000,000 different combinations and can take less than a second to hack.

The password “Aq60xMBN#$” has 60,510,648,114,517,017,120 combinations and would take 20 years to hack.

The website, How Big is Your Haystack has a great tool that I used to determine the length of time time to do a brute force hack: http://bit.ly/2gvxSTn[WE1]

While implementing a complex password is a significant first step, there is still the problem of someone stealing the password from a compromised website.


In 2013, hackers broke into Adobe’s website and stole my username, password, password hints, and answers.

So, even if I had a complex password like Aq60xMBN#$, the hackers would now have it, and my email address and could attempt to hack all sorts of sites using that combination.

Therefore, you must have a different complex password for every website you use. That is impossible for a human to do unless you carry a notebook with you at all times.

The solution is to have a password manager that generates different complex passwords for every site you use.


The picture above shows RoboForm, which generates random complex passwords and stores them for every site. To open RoboForm, I have to know just one password, which is referred to as my master password. Once I log in, RoboForm creates and saves all my passwords.

RoboForm is cross-platform, so it synchronizes data in all my browsers on both my Mac and PC and on iPhone.

What happens if someone hacks my RoboForm username and password? They would have access to all my passwords. This is not a concern; this website might shed some reasons why: http://bit.ly/2gvuB6z

Has your password ever been compromised?

Go to the website Have I Been Pwned and put in your email address. It will tell you how many times your email address and password have been stolen.

Here are some Excellent Reviews of Password Managers