How to Use Two-Factor Authentication to Protect Data in Litigation and Discovery

How to Use Two-Factor Authentication to Protect Data in Litigation and Discovery

You’ve been hacked. Whether you’re aware of it or not, it’s almost certain that hackers somewhere have your private, personal information: your name, email addresses, passwords, birth dates, etc. Hackers may have compromised your computer, or your email system, or, more likely, they may have obtained your information from a massive corporate data breach. Every single Yahoo! account has been hacked, for example, totalling more than 3 billion compromised accounts. The Equifax data breach resulted in the theft of personal information of 143 million U.S. consumers. A 2014 breach at eBay exposed another 145 million accounts. The list goes on and on and on.  

But just because hackers have your information, that doesn’t mean they can access your most sensitive accounts. Strong passwords policies and two-factor authentication can mean the difference between data security and potential disaster.

Two-Factor Authentication’s Extra Layer of Security

A strong password policy is your first line of defense against outsiders who want to infiltrate your accounts. You should have passwords that are unique to each account and conform to NIST’s password guidelines. (Think “$Y21kfC1H6yz” rather than “Martha1972”.) You’ll also need a password manager, such as Lastpass, to handle that whole mess. (No one is going to remember “$Y21kfC1H6yz” after all.)

But two-factor authentication, sometimes referred to as 2FA, is another important bulwark against outsiders accessing your accounts or data. Two-factor authentication is an additional layer of protection that goes beyond the typical combination of a username and password, by adding another factor to the authentication process.

How does two-factor authentication work? By requiring one more form of proof when verifying an account holder’s right to access. There are three general “factors,” or ways to authentication someone:

  1. Something you know, such as your password, your mother’s maiden name, or your high school mascot.
  2. Something you have, like an ATM card, an employee badge, or a cell phone.
  3. Something you are, which can require biometric factors such as fingerprints, voice recognition, or face scans.

In fact, you’re probably already familiar with two-factor authentication, whether you know it by that name or not. When you withdraw money from an ATM, for example, you’re using two-factor authentication--your ATM card, the something you have, and your PIN, the something you know. Similarly, when you unlock your phone, you may need to provide both a fingerprint scan and a PIN.

Important Protection for Your Most Valuable Information

Using two-factor authentication is considered a best practice for protecting sensitive accounts and information. If someone, for example, steals your ATM card, they will not be able to access your bank account without your PIN. If someone has stolen your password, they will not be able to login to 2FA-protected accounts without your second authenticator. That is, despite having some of your personal information, the outsider will still be locked out. That’s why two factors are better than one.

This extra level of security is particularly important protection for accounts containing sensitive information, such as bank accounts, medical records, and, yes, your discovery software. Hackers, we know, are already preying on lawyers. Last year, the Wall Street Journal reported that hackers had targeted attorneys at two of the nation’s biggest firms, stealing nonpublic information that they then used to make millions on insider trading. And Russian hackers have bragged about successfully going after lawyers, building phishing campaigns that played on victims’ own vanity.

Discovery repositories are particularly ripe targets for hackers. At the outset of the typical discovery process, for example, data is collected on the client side, often with minimal removal of sensitive information. Broad collection means that the discovery repository or litigation database is full of highly sensitive data—data that’s been flagged for litigation but not yet culled of confidential material. It is, therefore, an enticing target for cybercriminals. At this point, you’ve basically pulled together a treasure trove of a company’s most valuable information. As you cull that information down, separating the wheat from the chaff, it only becomes more valuable. Compromising that data could be career ending.

Two-factor authentication can help you keep that treasure trove out of the hands of those who would plunder it.

Adding 2FA to Your Logikcull Account

To help keep your sensitive information secure, Logikcull offers two-factor authentication for all accounts—and suggests that all users enable it. Activating and using two-factor authentication in Logikcull is simple and easy, as you’d expect.

To activate 2FA, simply visit your user profile and enable the feature. Logikcull relies on “something you have” for the second factor—your cell phone. Once you’ve enabled two-factor authentication for your account, you’ll be prompted to enter a one-time, time-sensitive password when logging in to your account.

2FA Sign in.png

There are two ways to get this password. You could have it texted to your cell phone when you log in. Enter the code and you’re good to go. You can also use a smartphone authenticator app, such as Google Authenticator. Just scan the unique QR code that Logikcull provides and your app will instantly be connected. Indeed, this is both the recommended approach and the easiest one.

2FA Method Choices

When logging into Logikcull, you can quickly open your authenticator app, grab your unique, time-sensitive password, and get going.

2FA Codes.png

An outsider, looking to break into your valuable discovery data, simply won’t be able to, without having access to this second layer of protection.

2FA Locked Out.png

Should your phone go missing, you won’t be locked out of Logikcull in your time of need. Logikcull allows you to generate one-time-use recovery codes that you can use to access Logikcull in the event that you lose access to your authentication device. You can also set up a fallback number, such as a co-worker or manager’s cell phone number, that can be sent a one-time code for Logikcull access while you work to recover your device or setup a new one.

Enabling and using two-factor authentication takes just seconds. But it offers significantly more security for your accounts, and the peace of mind that, even if your password becomes compromised, you still have an added layer of security.

When so much of your sensitive information is being targeted by malicious outsiders, there’s no excuse to not use two-factor authentication.

Want to see Logikcull in action? 

Let us show you how to make Logikcull can help you save thousands in discovery.

Want to see Logikcull in action? Let's chat.

Our team of product specialists will show you how to make Logikcull work for your specific needs and help you save thousands in records requests, subpoenas, and general discovery.