Good work from the Department of Interior Inspector General. Their conclusions apply just as well to law firms. The length of a password is more important than complexity. It’s better to have a phrase like JonesAndSallyLoveBaskingInSunshine than #si30_584JKL.

Implementing this advice is a no-brainer, since a well chosen phrase is easier to remember than a cryptic string of numbers, characters and letters.

It’s more difficult to implement MFA (multi factor authentication) but it is also essential for key applications.