Security for Lawyers: What is Two-Factor Authentication and Why Should I use It?
Fun Fact: Many of the cyberattacks you hear about in the news could have been prevented with some basic precautions.
The recent WannaCry and WannaCrypt ransomware disaster, for example, was the result of unpatched Windows servers. Bad password policy is another major problem. In fact, if you’re using the same password on all of your accounts, we at Rocket Matter urge you to change them now.
For another layer of protection, two-factor authentication is a great choice (in a couple of years it may be standard and not a choice at all). Here’s how it works:
1. You log into a web application via your username and password.
2. You then type in a dynamically generated code that is sent to your smartphone (or a key fob).
With two-factor authentication, a malicious actor would need to have your username, password, and smartphone in order to access your account. It’s a very strong extra lock on the door.
To understand this a little bit better, let’s take a look at our favorite legal practice management software, Rocket Matter. Here’s how it works:
If you want to use two-factor authentication in Rocket Matter, you need to download an app to your smartphone called Google Authenticator. Once you log into Rocket Matter, a dynamic code is sent to the app. You enter that code into Rocket Matter, and you’re able to log in.
For more specific step-by-step instructions, take a look at our FAQ here.
If you’re using WordPress, take a look at locking down your website and blog with an app and plugin called Duo. The last thing you need is an embarrassingly defaced website.
Duo is available across many applications and a wide variety of industries, with WordPress being one of the more common applications.
When Duo is configured on WordPress, you first log in to your site with a simple username and password. You then get a Duo notification on your cell phone. The service can call you, in which case you can pick up the phone and hit a number. It can alternately open the Duo app on your phone, in which case you have to click a green checkbox.
The tradeoff with two-factor authentication is convenience: it’s a lot easier to login to something without your phone.
But in the world we live in, some extra precaution is extremely prudent and worth a little hassle.