It wasn’t that long ago that most people had a very few passwords. Now most people have many, many passwords. From your office computer’s login to online legal research to all sorts of online sites that require registration, you may have dozens of passwords. And many of you have passwords that are woefully insecure. You may think you are being clever to use the word "password" as your password, but thousands of others have thought the same thing and it would be in anyone’s Top Ten list if they were trying to crack your system. Others would include repeating the login name for the password, any variation of your name or a family member or pet’s name, or the local sports team nickname. (I can’t imagine how many in my state use Sooner or Sooners for their password.)

Let’s discuss briefly selecting and securing your passwords. First of all, your password should never appear in the dictionary. You cannot just use a word. You must have at least one number or typographical character in your password, and more than one is preferred. Although it may be unlikely you would be subjected to a brute force cracking attempt where hundreds of common words or passwords are attempted one after another, it is better to have a universe of possible characters that is larger than just 26 letters. Of course, you can still create an insecure password using numbers if you choose something obvious like hal9000 or john316.

It is critically important that you do not use the same password for everything. If your network login password is compormised you don’t want to give access to your online banking and brokerage accounts as well. I do slightly disagree with the experts who say every password must be unique. I think if you have several online accounts that never involve money, are primarily a "read only" registration access and could be easily replaced without harm, it is OK to use one "throwaway" password for all of them. So it doesn’t bother me if your New York Times, NewsOK.com and Salon passwords are all the same. But if you value your reputation in online communities, you would want to have a more secure password so a password cracker couldn’t post slanders in your name.

This post was inspired by a LifeHacker post "Ten Passwords to Avoid." That post links to a British list of the ten most common passwords. But of greater importance is an older LifeHacker Post on how to formulate rules for all passwords. This is really good reading on how to formulate a rule that incorporates some things you remember with some you apply from the website for some pretty good passwords. Of course some sites will have rules that won’t allow some of these.

Everyone says do not write down your password. But what they mean is do not write it down and keep it at your desk near your computer. I have to write down my cable modem password because I never use it unless there is trouble. But writing it down and sticking it in a file drawer in a file labeled "old bankruptcy research" on the third page of a four page document is pretty secure as far as I am concerned.

There are password managers like Roboform and KeePass. Just make sure you don’t forget those passwords or you will be locked out of everything. I learned from a comment posted to one of the above sources that some uber-geeks use leet for their password language.

What should be your most secure and longest passwords? Obviously those to online banking and brokerage accounts or those that you have allowed to remember your credit card information. (Call me old-fashioned. I still type in credit card info each time.)  But one of the most important is any e-mail account, especially web-based e-mail. Why? Because if one cracks that, they can use the "forgot your password" feature to send many of your other passwords there!

Dennis Kennedy noted the Lifehacker post as well and linked to one of his earlier articles on password security that is well worth reading.

Do you get tired of registering with sites you will likely not visit again just to read one article? Norman attorney Kurt B. Pfenning deserves the credit (or the blame) for directing me to BugMeNot, a site for "bypassing compulsory registration." This site is a database of usernames and passwords from those who have already registered and will let you use their info to save yourself the trouble. Needless to say, the sites that want you to register will sometimes disable these accounts. Then new ones will be posted. It is a little online exercise in civil disobedience.

A surprising number of people use vulgarities for their passwords, but that can be embarrassing when you have to call tech support or the guy at the Bar Center for assistance.

Well, that’s enough for today. I hope you have decided to go improve some of your weak passwords.

ABA TECHSHOW® 2007 — Judge Shira A. Scheindlin to Speak as the Keynote

The Honorable Judge Shira A. Scheindlin, of United States District Court for the Southern District of New York, will give the ABA TECHSHOW 2007 Keynote Presentation on Thursday, March 22.

Judge Scheindlin is renowned for a series of landmark decisions in Zubulake v. UBS Warburg which ended with a $29 million verdict. Her Zubulake opinions validated "sampling" evidence as a viable option to determine whether relevant evidence exists, laid down the factors to be considered in cost-shifting, delineated the difference between "accessible" and "inaccessible" evidence, gave guidance on the issue of spoliation, outlined the requirements of litigation holds, and detailed the duties of both clients and attorneys in the continued monitoring of preservation and production of evidence. The Zubulake opinions, taken collectively, are often referred to as the "gold standard" of electronic discovery and have been cited with approval in courts throughout the country.

ABA TECHSHOW, the world’s premier legal technology conference and exposition, will be held from March 22-24, 2007 at the Sheraton Chicago Hotel & Towers and promises to bring three exciting days of programming and networking. On Friday, March 23, a special Solo/Small Firm Day will highlight two tracks and several educational sessions geared toward the solo and small firm lawyer. A one-day rate is available for those solo and small firm lawyers.

And, on a personal note, I just received my invitation to speak at ABA TECHSHOW 2007, so I am a happy camper. I’m going to be involved in one interesting new idea. They are again going to have four "60 Tips" programs on topics ranging from marketing to technology, but then they will have a "Best of Tips" program presenting the best tips from each of those programs. I bet we have a big crowd for that one.

This week I was a guest speaker at the Mississippi Bar Technology Conference. While they have had technology conferences in the past, this one was a little different as it was a part of the ongoing efforts of the ABA Law Practice Management Section and others to help Gulf Coast lawyers recover from Katrina.

With lots of corporate sponsorships behind the conference, the registration fee was nominal and every attendee received a flash drive and free software worth many times the registration fee, including a free copy of Corel’s WordPerfect Office X3. Plus there were many giveaways, including a tablet PC. The roster of speakers contained many notables, including "Ernie the Attorney" Svenson (see his post about the conference),  Ross Kodner (see his post too), Tom Mighell,  Natalie Kelly from the Georgia Bar, Adobe’s Rick Borstein, LPM Section’s Larry Smith,  and Adriana Linares. Thanks to LEDI’s Tom O’Connor and Gayle O’Conner for their organizational work setting up this program. Mississippi Bar Executive Director Larry Houchins and his team were great hosts.

I met Jim Province, the principal of TabletLawyer, there for the first time. He is certainly an evangelist for the idea that more lawyers should be using tablet PC’s and a very humerous guy as well.

I want to acknowledge again the support my employer, the Oklahoma Bar Association, has given to lawyers impacted by Katrina and Rita. In addition to significant cash donations from OBA members, every time I was asked to participate in an effort, OBA leadership instantly said "GO!"

The Journal Record, an Oklahoma City-based legal newspaper, published a story this week titled Law Blogs: 21st Century Advertising? A local TV station republished it on their web site so you can read it here. I’m not sure how long it will be avaialble. They interviewed me and OBA General Counsel Dan Murdock for the story and mentioned the Law Practice Tips blog.

For the past couple of years, I have served on the editorial advisory board of a publication called Small Firm Business, an American Lawyer Media publication. Recently Editor in Chief Trevor Delaney notified me that it will cease publication and "transition to a Web-only format."  I was not shocked. Between all of the print publications that a lawyer might receive from various bar associations (and bar sections) and Internet offerings like e-mail newsletters, blogs, websites and e-zines, a print publication has to offer lots of value to sell paid subscriptions. As with many things in our lives, it as much a matter of finding time to read the publications as it is the cash out of pocket. Such issues also likely lead to the demise of Law Office Computing earlier this year.

But I encourage the folks at ALM to remember that the small law firm market is very important. I hope they follow through with increasing their web content targeted to that group. To that end, I’d encourage all my readers to stop by SmallFirmBusiness.com, this week’s Website of the Week and review the features there.

In my prior post I mentioned the ABA GP/Solo Division. The division sponsored a National Solo and Small Firm Conference last week. Ross Kodner and I co-chaired the event. Ponca City, Oklahoma attorney Brian Hermanson was a speaker. Ross and I spent a lot of time working on this and it was a pleasure. Ross has done a nice blog post about the conference if you want more details. At this time the plan is to do it again next fall in Stowe, Vermont. I have to make special note of ABA staffer Laura Ramirez. Imagine having a huge project dumped in your lap when it was already one of your three or four busiest times of the year. And then imagine having to deal with me and Ross almost every day for weeks! Thanks also to the GP/Solo division leadership for supporting the venture and Alexandria, VA attorney, Deb Matthews for serving not only as a track leader, but generally filling in when we needed help.

But right around the corner is the Maryland Bar’s 8th Annual Solo and Small Firm Practice Conference on November 11, 2006.  They have some nationally known speakers like Sharon D. Nelson, John Simek, Carolyn Elefant and the ABA’s tech guru, Catherine Sanders Reach of the ABA Legal Technology Resource Center. My friend, Pat Yevics of the Maryland State Bar, organizes the conference. Fellow conference organizers, I do see another idea really worth stealing — a "Sanity" track. I like it. For more information, look over the conference schedule.

Most lawyers are very, very busy. When I encourage them to participate in online communities like OBA-NET or Solosez, they often respond that they don’t have the time to read their own e-mail, much less sign up for optional messages or postings. (In fact, one really well-known technology expert and lawyer confessed to me yesterday that due to traveling and other commitments he had quickly become "800 e-mails behind.")

But there is a great deal of collective wisdom being shared online. So Popular Threads on Solosez is a good way to share in some of that wisdom without having to sort through hundreds of e-mails. I’ve mentioned this service before, but it deserves another mention. These are quick reads with all of the signature blocks and other extra information stripped out.

But how will you remember to check the popular threads each month? (You might ask.) Well, the ABA GP/Solo Division allows non-members to subscribe to its Buzz e-newsletter, which, among other things, announces the Popular Threads each month. Subscribe here.

New browser versions have been released for free public download: Firefox 2.0 today and Internet Explorer 7 last week. You can download the new Internet Explorer here and you can download Firefox here. A lot of people are busily installing these, while other veterans of many new software installations are hanging back, waiting for the first service pack to be released.

I have yet to install either upgrade, but that’s been a "no time" thing. I figure that they have been in public and private beta so long that no real harm can come from upgrading now.

Early commentary has been mixed, but generally positive for both. One long-time Firefox user calls it "a dud" and indicates some should consider switching to the "surprisingly solid IE 7.0." Another ZDNet reviewer reacted to that, saying "Firefox 2 is no dud" and providing a nice brief list of the FF improvements. PC World published a nice, detailed comparison of the two browsers. I think it is fair to note PC World’s characterization that Internet Explorer 7 is "radically different," while Firefox upgrade is a "measured step." IE has added tabbed browsing and RSS newsfeed support. (I’ve told several groups that this may be the trigger that brings RSS into much more common usage. We shall see.)

Both browsers have antiphishing tools and other improved security features.

I think those who choose to wait to upgrade have history and experience on their side. But the best option this time seems to be to go ahead and jump in. Improved security is a good thing and IE users will take a big step forward with new features. One commentator suggests that since you will have to get used to a new Internet Explorer interface anyway, you should just get used to a new Firefox interface. But this is one matter of great public debate where you need not choose a side. Unless you are very short on hard drive space, just install both upgrades. Explore the new features and see what you think. You don’t even have to tell others which one you finally select as your defualt browser.

Our fall edition of the New Lawyer Experience program is completed. Over 150 lawyers attended in either Oklahoma City or Tulsa, with the majority being brand new lawyers who were sworn in the week before. (When you learn that they were forced to listen to me for five hours, it might sound more like new lawyer hazing.)

My column in the Oklahoma Bar Journal this month shares part of the program’s content with you. Check out New Lawyer Training Holds Lessons for All Lawyers.

The article provides a link to download the *Ten Commandments of Client Relationships. I encourage you each to download it, frame it and hang it on the place on the wall in your office where you tend to stare when someone has hacked you off.