Trellis White paper Ad 770 Spot #6
share TWEET PIN IT share share 0

Don’t Trifle with Password Safety

By Vivian Manning

As many of my email correspondents are aware, my personal Gmail account was recently hacked. I still have no idea how this happened. I am not in the habit of clicking on email attachments or browsing strange websites, and I use an extremely strong, long and hard-to-crack password. Yet despite practicing an almost paranoid level of online personal security, my account was still hacked.

Luckily, I was made aware almost immediately. Unluckily, I was sitting in a taxi at the time, heading toward a four-hour train ride, followed by a two-hour car ride, and panicking that I couldn’t do much about it. Back to the luck side—the train had Internet access, so as soon as I settled in, I set out to minimize the damage and maximize the apologies. I think I did a pretty good job at both, but the embarrassment continues and my security paranoia has increased dramatically.

I’ve spent a lot of time thinking about how my account got hacked but haven’t come up with any answers. The bottom line is this: You can’t let your guard down online, no matter what. I was lucky my account wasn’t taken over completely—I could still log into it, change my password and ensure that none of my settings were changed. Other people haven’t been so lucky.

Changing Habits

I’ve changed a few of my habits since that day and have considerably beefed up my approach to password safety. In addition to basic password safety—sufficiently secure passwords, not shared with others or written down and stored in obvious places—here are some additional steps you can take to increase your online safety, too.

  • Don’t login to any non-secure online accounts from public Internet hotspots, unless you really aren’t at all concerned about your security.
  • Don’t stay logged in to your web-based email while browsing the Internet, especially if using an unknown Internet connection.
  • Never put your password in an email.
  • Create secure challenge questions—your mother’s birth name or your pet’s name or similar are never sufficiently secure challenge questions and answers.
  • Ensure your password recovery email address is current.
  • Don’t use the same password for multiple accounts. If one account password becomes known, all your online accounts will be vulnerable.
  • Check sent email for unusual activity.
  • Periodically change the password for your most sensitive accounts.
  • Never, ever use your network logon password outside the office network.
  • If you use Gmail, use its two-step authentication process.
  • Use 10 characters instead of 8 (the default)

Because you can never have too much information or too many warnings, below are links to two stories that will stop you and make you think (and then make you update and strengthen your passwords). The first shows how easy it was for the Hollywood Hacker to take over celebrity email accounts. The second is a sobering account by journalist James Fallows about the hacking of his wife’s Gmail account, and the fallout.

Categories: Daily Dispatch, Lawyer Social Media, Legal Technology
Originally published November 30, 2011
Last updated July 31, 2023
share TWEET PIN IT share share
Vivian Manning

Vivian Manning retired from Barriston Law LLP in Barrie, Bracebridge and Cookstown, Ontario in 2019. For more than 16 years she served as the firm’s IT manager, office manager and technology trainer. Prior to moving into IT, Vivian practiced law at Barriston LLP (formerly Burgar Rowe PC) primarily in the area of Municipal Land Development, with a total of 17 years in private practice before switching to the IT side of the law office.


More Posts By This Author
MUST READ Articles for Law Firms Click to expand

Welcome to Attorney at Work!

Sign up for our free newsletter.


All fields are required. By signing up, you are opting in to Attorney at Work's free practice tips newsletter and occasional emails with news and offers. By using this service, you indicate that you agree to our Terms and Conditions and have read and understand our Privacy Policy.