.

Authentication    Precautions   Ease of Use Considerations
Authentication Points   User Validation Authentication for Remote Access
Password Protection   Location Validation and Call Level Security
Accounting   Firewalls

Password Protection

Given today's networked environments, we recommend that lawfirms consider moving away from standard, reusable passwords. There are dozens of examples in most firms of security breaches involving Trojan network programs (e.g., Telnet and login) and network packet sniffing programs. These programs capture information on hostnames, account names and passwords, which intruders can use to gain access to those hosts and accounts. This is possible because the password is used repeatedly (hence the term "reusable"), often over a period of months, or even years. Additionally, the password frequently passes across the network in clear text, i.e., without being encrypted.
Several authentication techniques have been developed that address this problem. Among these techniques are token-based challenge-response technologies that provide one-time passwords. The use of one-time passwords makes sniffing account information virtually useless.

.