Cloud security is currently one of the hottest topics and one that many people and companies are concerned about. When Evernote was recently hacked the company forced 50 million users to reset their passwords. The Evernote hack was just one in a slew of recent incidents that have included Dropbox, Apple, Microsoft and Facebook. This makes it more important than ever for users that store data in the cloud to implement and maintain strict security and authentication measures.
Stronger passwords mean stronger cloud security
When you look at the top 25 worst passwords of 2012, you may be surprised to find that even in this day of more advanced technological information available to users that “password” is still the most commonly used password. Obviously, you don’t want to use a password that is on this list. But this is a small list. You should also check other lists to ensure your password does not appear on them, such as the 10,000 most common password list. In a study performed by the site, they found that 91% of people use a password that is found in the top 1000 most common passwords. With computers that claim to be able to able to process 348 billion passwords per second, a password in the top 1000 will not take long to crack. There is even a list of passwords that Twitter found to be too common and banned them from being used. If you want to find out how secure your password is, you can go to http://howsecureismypassword.net/ to find out how strong your password is and also approximately how long a desktop PC would take to crack it.
Tips for creating a secure password
If the weak passwords that are most commonly used surprise you, check out this analysis by Troy Hunt on the science of password selection. The longer the password, the harder it is to crack. It’s much better to have a long password that you can remember than to have a short password that may be more easily cracked.
SplashData offers these tips to use when creating secure passwords:
- Use passwords of eight characters or more with mixed types of characters. One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, “eat cake at 8!” or “car_park_city?”
- Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites that you do for online email, social networking, and financial services. Use different passwords for each new website or service you sign up for.
- Having trouble remembering all those different passwords? Try using a password manager application such as 1Password that organizes and protects passwords and can automatically log you into websites. The downside is that using a password manager isn’t always possible and it isn’t always practical either.
If your cloud storage providers have 2-factor authentication: Enable it
Some cloud storage providers such as Google Drive http://www.google.com/landing/2step/ and Dropbox support 2-factor authentication. Two-factor authentication is an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor (“something the user knows”), a possession factor (“something the user has”), and an inherence factor (“something the user is”).
The basics of how it works: You enter your password as you would normally when signing in to the service. A code is then sent to your mobile phone or an app that you have preapproved. The code comes through instantly so there is no waiting. As soon as you enter your code, you have access to the account.
How does this protect you?
If a hacker gains access to your password (keylogger, sniffer, steals your laptop, etc.), he will still be unable to access your account without also having access to your mobile phone. Creating strong passwords, keeping your passwords secure and changing your password frequently (and especially at the first sign of any suspicious activity) can help prevent unauthorized access to your account. The 2-factor authentication makes it much harder for unauthorized users to access your account, thus your data remains safe.
Some instructions on how to setup Dropbox 2-factor authentication can be found here: https://www.dropbox.com/help/363/en
And for Google Drive (and your Google mail and other other Google properties) you can find instructions here: http://support.google.com/accounts/bin/answer.py?hl=en&answer=180744
Protect cloud data with a secure backup from cloudHQ
Most unauthorized accesses happen because of weak passwords or other weak security measures. However, even with all possible protections in place, there is still the possibility that your account can be hacked. Hackers can delete your data, but even if the account is accessed, your data doesn’t have to be lost.
CloudHQ uses a secure backup to create and maintain a second copy of all of your data. The replication is automatic and it operates silently in the background. It is also continuous replication which means it automatically updates in real-time as changes are made to files.
Let’s use an example. You have an Evernote account and want to use cloudHQ to protect your Evernote data. You simply create two Evernote accounts. One is your primary Evernote account and the other is your backup account. CloudHQ provides a continuous replication of all data from the primary Evernote account to the secondary Evernote account. If a hacker gains access to your primary account and deletes your data (including from Evernote trash), the backup account will still hold a complete second copy of all of your data.
Choosing a strong, secure password and implementing strong security measures can keep your cloud data protected from hackers. But if security fails and your cloud account is hacked, cloudHQ can be a lifesaver, as it will ensure that none of your data is lost.
- App.net Adds Two-Factor Authentication (app.net)
- Evernote planning two-factor authentication following hack (pocket-lint.com)
- Evernote Two-Factor Authentication Feature Launching Soon (geeky-gadgets.com)
- Why Two Factor Authentication Should be a Part of Your Security Plans for 2013 (twilio.com)
- Evernote hack shows that passwords aren’t good enough (pcworld.com)