Online Security: The Importance of Two-Factor Authentication

Secure Cloud Computing

(Photo credit: FutUndBeidl)

These days, when it comes to electronic data storage, it’s all about security. After all, as we learned just last week, even huge retailers like Target can get hacked.

This breach was simply further proof that, as I’ve often said in the past, there is no such thing as absolute security. Realistically speaking, absolute security is an impossibility and instead, lawyers must take reasonable steps to ensure that confidential data remains secure, as Bob Ambrogi recently explained at his blog, Lawsites:

Ethics panels require us to take reasonable steps to protect client confidences and documents, they do not require us to be guarantors of confidentiality.

Of course, even though lawyers need not–and cannot–guarantee absolute security, it is important to have a thorough understanding of the technology that your firm uses and to take steps to secure confidential client data and prevent data breaches.

For example, two-factor authentication is a great example of a security measure that you can enable to protect your firm’s data. This is because it adds an additional layer of security, making it that much harder for unauthorized users to access your online accounts.

In fact, as Dan Pinnington explained earlier this month at the SlawTips blog, enabling two-factor authentication is one of the simplest–and most important–security measures you can take to secure your accounts:

Two-factor authentication is one of the best things you can do to make sure your online accounts are more secure and don’t get hacked…Two-factor authentication is a feature that asks for more than just your password. It requires both something you know (a password) and something you have (for example, your phone). After you enter your password, you’ll get a second code sent to your phone, and only after you enter it will you get into your account. It’s a lot more secure than a password and can help keep hackers out of your online accounts.

Security is especially important when it comes to the confidential client data stored in your law practice management software. That’s why, as one of the many enhancements we added to the MyCase platform this year, we recently rolled out Two-Factor Authentication. With this new feature, MyCase customers can now add another layer of security–in addition to their passwords–when logging into their accounts.

Enabling two-factor authentication is one of the best ways to increase security, along with ensuring that your firm’s law practice management software includes bank-grade encryption and sufficient geo-redundant server distribution. So enable two-factor authentication today, then rest assured that your firm’s  confidential data is that much more secure.

–Nicole Black

  • Mark Stanislav

    Great to see more companies adding support for two-factor authentication! Glad to see you also opt’ed to go with an open-standard like time-based one-time passwords (TOTP), which is what Google Authenticator uses.

    Just so your users are aware, they can also use “Duo Mobile” from Duo Security with your two-factor authentication if they prefer. Good to have options!

  • Paul McGuire

    Though I occasionally find myself annoyed with having to enter those codes I am glad that I have enabled two factor identification whenever I read about a data breach. The other day I got a text message that someone had tried to log into my Facebook account. However, because I have two factor identification setup they didn’t get through. It was a nice simple reminder that any account can get hacked, especially one that everyone assumes you have.

    • nikilblack

      That’s a great example of why 2-factor authentication is such an important security measure. Thanks for sharing!

  • Beck Olp

    I know two factor authentication is important, especially with breaches like and Neiman, but I also agree that the codes are a quite a hassle. I recently tried Toopher’s two factor auth – it automates the authentication process in locations you deem safe like home or work, so you don’t have to enter codes or even approve the authentication for every login. Plus, sms text channels aren’t encrypted, so a hacker could intercept that code and defeat that type of two-factor. Two-factor is definitely more secure and easier to use via push notification. Cool stuff, it might be the solution we’re looking for.