Innovative Insights

Law Firm Cybersecurity Tips: Hashcat* Will Eat Your Long Passwords

Posted by Logan Byrd | March 1, 2016 9:55 AM

Let’s talk about passwords.

 

Most people’s idea of a good password is one which is easy to remember, and which meets the absolute minimum requirements of their business systems and IT policy. Over the years, between constant reminders from the information technology community and constant news reports about major security breaches, we have all begrudgingly accepted that our passwords need to be a little longer, a little more complex and a little more inconvenient for us to use.

 Hashcat Will Eat Your Passwords (image: NYPL Public Domain)

The technology used by cybercriminals to crack passwords is always improving, however, and even a 52-character password made up of obscure words and phrases, such as “Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn1.” can be brute-force cracked in an ever-shrinking amount of time. 

 

Thankfully, the tools and defenses standing between a hacker and your systems include more than just a strong password. In addition to older, more common practices such as password complexity requirements and temporary account lockouts after a certain number of attempts, more and more organizations are adopting more innovative — and secure — measures.

 

The government and other high-security facilities have long used biometric authentication, which involves a fingerprint or other unique piece of physiological data about a person being used in place of, or in addition to, a password. Biometric measures are becoming cheaper to implement, but they are still often difficult and expensive to integrate with existing systems.

 

Perhaps more exciting, and certainly faster growing, is the use of two-factor authentication. In addition to their traditional password, the user is asked to enter a second piece of data, which is randomly generated for them at the time of logon on a physical device that only they should have access to. A simple example of this would be an online service texting you a code before allowing you to change your account’s password. This means that in addition to compromising your password, a would-be intruder would also need to steal your authentication token or smartphone, and sometimes need to know a special PIN as well. For the user, this involves the minor inconvenience of entering two passwords instead of one, but since one of these is not a static password, this can prove an insurmountable obstacle for a hacker.

 

Any kind of security measure, from locks on your front door to thumbprint scanners on your keyboard, provides you with protection at the cost of a loss of convenience. In today’s high-risk computing world, allowing users to continue using simple, easily remembered passwords is increasingly equivalent to leaving the office’s front door unlocked at night.

 

*Hashcat is a password recovery (hash-cracking) tool widely used by both password-cracking criminals and the security community.

 

 

Download our recent article for more advice on countering the "Top 5 Cybersecurity Threats Facing Law Firms."


 

This is the first post in a five-post series on hardening your law firm against cybersecurity threats. The second post, on maintaining your cybersecurity software solutions, can be found here.

 

 

 

Topics: Malware, Access Control, Dual Factor Authentication, cybersecurity, Hashcat, Passwords, Biometric Authentication, Two Factor Authentication, Ransomware
