Are you concerned about your firm's cybersecurity?

Are you worried about your team members' password use?

Are you aware that password management is a critical aspect of effective cybersecurity, and that failing to implement strong password policies could leave your business vulnerable to cyber attacks?

SSST #13: 2FA or Not 2FA

We’ve established the importance of securing online access and the need to employ unique passwords. Still, password protection alone isn’t enough – you should enable another critical layer of verification with any restricted account.

The bad news is that only 39% of lawyers are making use of this, according to the ABA 2020 TechReport.

The good news is that this additional security is already built into almost every portal. You need only turn it on.

You’ve likely already been asked to enable Two-factor Authentication (2FA) and skipped it out of convenience or unfamiliarity. Let’s address the excuse I hear the most and rectify it.

Most common reason: (activate whiny voice):

“But it’s more work to sign in and it’s annoying.”

Let me ask you this:

What is more annoying, taking a few seconds when logging in every few weeks or months, or dealing with a data breach?

Fact: your critical accounts are under attack. The bad guys really want to get in.

Choose your own adventure here. Do you:

  1. Act lazy and whiny and NOT enable a free security layer you have access to that would drastically increase the security of your practice?

  2. Take a few minutes to set it up, educate your team on the why and how, and greatly increase your security by enabling this security layer?

One more scenario.

Let’s pretend you suffer a data breach and you’re now answering to an ethics committee as to why you didn’t have 2FA enabled.

How sympathetic would they feel to your response: “It was annoying?”

Consider this:

If a site you use only requires a password to get in and doesn’t offer 2FA, there’s a good chance that it will eventually be hacked.

2FA is an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are.

First, a user will enter their username and a password.

Then, instead of immediately gaining access, they will be required to provide another piece of information (that’s the 2FA – Two-Factor Authentication).

There are many options for 2FA, from a secondary PIN to a physical possession (a key fob that generates a token) to personal security questions, GPS location, biometric signatures, or access to an independent account (SMS/email, which is another reason to use different passwords!). Then there’s MFA... all too complex, and likely a point where I lose some of you.

What I want you to take away from today is that the overwhelming majority of your online accounts should have 2FA available and you should take the time to set this up.

Take the time right now to return to those ten prime accounts where you already replaced your passwords and make sure that 2FA is enabled – there should be a link somewhere on the access screen (if not, check the help section, Google it, or call the institution).

Confirmation will take just a minute, and likely won’t be necessary with every log-in, usually only after a prolonged absence or when you sign in from new devices or locations.

You’re safer already!

Never think of the second factor as an inconvenience that takes all of 12 seconds, but as a layer of comfort that brings peace of mind. And please don’t ever tell me “it’s annoying, so I don’t use it” – that’s a sore spot for me :).


Officer: “There is no sign of forced entry.”

You: “Yeah, well I would have locked my car, but I would have had to open my bag, take my keys out, press the buttons, just too much work.”


About the Author

Tom Lambotte is the CEO and Founder of BobaGuard, an all-in-one security solution for solo and small firm lawyers. They provide leadership and direction to transform law firm operations and boost profits by leveraging technology.

Tom’s methods are based on over a decade of research, testing, and real-world refinement of best practices, working directly with law firms. Tom is the author of Hassle Free Mac IT Support for Law Firms and Legal Boost: Big Profits Through an IT Transformation, and has a forthcoming book being published by the ABA Law Practice Division titled Macs in Law. He is a highly sought-after speaker at national events such as the ABA Techshow and MacTrack Legal.
