You can help protect your firm data and account security by ensuring your Clio user account has a strong password. Your password should not contain any personal information that can be tied to the user, and it should be long enough that it cannot easily be uncovered by password cracking software.
Tip: Enable two-factor authentication (2FA) on your account to strengthen account security. With 2FA, your account is still protected in the event that your password is compromised. Learn more here.
Tips for strong password
A secure and strong password can help protect not only your own user account but also your firm data. Common techniques to disguise passwords, such as using numbers to represent letters (i.e. "leet" speak), random capitalization, or uncommon spellings are not nearly as helpful as you think in making a password stronger. Many of these techniques are well known and easily uncovered by password cracking software.
Create a long and memorable password
Ideally, a good password is one that is easy for the owner to remember but difficult for another party to guess or for a computer to guess via a dictionary attack (defeating an authentication system by trying hundreds or thousands of possible passwords) or a brute force attack (systematically checking all possible password values until the correct solution is found). Clio strongly recommends the following:
- A passphrase that includes capitalization or punctuation of up to 72 characters, such as "SurpringlyAtypicalLawPracticedoesnotIncludeLitigation" or "Kitchen plant Sofa Socks"
- A 20-character random string of upper-case and lower-case letters, numbers, and punctuation, such as "fsdk867#%g]lji4!@6?)"
Tip: Password generation and management tools like 1Password, Lastpass, and Bitwarden help generate and automatically fill your passwords while storing them in a safe vault, which means you can have a strong password without having to memorize it.
Do not use personal information or common words
A strong password should not contain any personal information that can be tied to the user, including information that family and friends know and information available on social media, or any common words or phrases that are easy to guess.
Personal information | Common words |
---|---|
Your name | Obvious words like "password" or "law" |
Important birthdays or anniversary dates | Common leet speak, such as "4ever" |
A pet or child's name | Keyboard patterns like "qwerty" |
Your current or previous address | Alphabetical or numerical sequences, such as "abcde" or "12345" |
Change password
Note: Users on SSO will have the same password for both Clio Grow and Manage and only need to change it in one product.
- Go to Settings > Security & Compliance.
- Under My Security, click Update your security settings.
- In the Password section, click Edit.
- Enter your current password, new password, confirm your new password, and click Continue.
- Go to Settings > Account.
- Under User settings click Password recovery next to your username.
- Enter your email address and click Send instructions.
- Check your email and follow the password reset directions.
Reset password
- Enter your email on the login page and click Next: Password.
- Click I forgot my password.
- Click Send instructions.
- Check your email and follow the password reset directions.
Force change user passwords
Users with administrator permissions cannot change or view any other user’s password; however, they can force individual firm users or all firm users to change their passwords.
Important: Forcing password changes for all user passwords will also expire the password for the administrator initiating the action.
Follow these steps to force a password change for a single user.
- Go to Settings > Manage Users.
- Click Force Password Change under a user’s name.
- When the warning prompt appears, select Force Password Change. The user will receive an email instructing them to create a new password.
Follow these steps to expire passwords for all firm users.
- Go to Settings > Manage Users.
- Click Actions.
- Select Expire all passwords.
- When the warning prompt appears, select Expire User passwords. All firm users will receive an email instructing them to create a new password.