By Brad Chacos on August 15, 2012 in
Between streaming music services, streaming video services, social media, online storage services and Amazon's Whispersync'ed Kindle e-books, more and more of our daily lives are being spent in the cloud. The upcoming Windows 8 operating system has deep cloud hooks that will increase our reliance even more. While storing your digital files online is convenient and a good backup solution, what happens when the cloud gets turbulent? Technology journalist Mat Honan found that out the hard way when hackers gained control of his Amazon, Apple iCloud and Google accounts, then wiped his iPhone, iPad and Mac -- and erased over a year's worth of data in the process. All of the pictures of his newborn daughter, all of his work, all of his emails -- gone in an instant. (His Twitter account was also hacked.)
Security lapses by Apple and Amazon contributed to Honan's terrifying ordeal (and have since been plugged) but Honan made some mistakes of his own that you -- yes, you -- can learn from. Here are some basic steps you can take to protect your data in the cloud.
Beef up your passwords. Study after study has shown that people use very simple passwords; a lot of folks use obvious ones, like variations of "password" or "abc123," but even people who choose more unique terms usually fail to add in symbols and numbers. Weak passwords are easily broken. Something like h34ub@is*% isn't. About.com has an excellent tutorial on how to create a strong, yet easy-to-remember password. (Note: ConsumerSearch is owned by About.com, but the two don't share an editorial affiliation.)
Don't use the same password twice. Yeah, there are a lot of websites out there, and a lot of them require passwords. If you use the same password/username combo over and over again, a breach at one service could cascade into widespread disaster. Password managers like LastPass or KeePass -- both of which are free -- store your collective passwords and only require you to remember a single login for the password manager itself. (Make it strong!) That makes it easier to have different passwords at every site. Plus, password managers can automatically generate strong passwords for you.
Don't log in with social media accounts. More and more sites are enabling users to sign in with Facebook or Twitter. Sure, it's fast and easy, but if your social media account gets compromised, all those other sites do, too.
Use two-factor authentication. Google, Facebook and others give users the option to use "two-factor authentication," which means you need a special code, in addition to your username and password in order to log in. A text message with the code is sent to your phone when you try to sign in to your account. If you don't have that code, you can't sign in, even if you enter your password correctly. It's annoying, but it keeps hackers from digging around in your account, and Honan says his epic hack could have been avoided if he'd activated two-factor authentication on his Google account.
You can often tell services with two-factor authentication to recognize a particular computer for up to a month to cut down on the everyday hassle. You can also print out single-use ten-digit authentication codes for your Google account if you think you won't have your phone handy when you need it. (For instance, if you're traveling abroad.)
Don't pick easy security questions. It's easy for the bad guys to find your childhood address, your eye color or your mother's maiden name. Pick the more obscure security questions, and better yet, answer them wrong -- but be sure to give the same wrong answer consistently so as not to confuse yourself. For example, when a site asks for your mother's name, give it your least-favorite marsupial or disco band instead.
Back up your data! Honan lost a year's worth of data because he assumed it was safe and sound in the cloud. Now, all his pictures of his daughter are gone. Use cloud storage to back up your data, for sure -- I do! -- but create local backups on DVDs or external hard drives for the really important stuff.
Don't use "Find My Mac." While, "Find my iPhone" works great, Honan warns that, for your Apple laptop, the security implementation could delete your Mac's data for good if a bad guy gets hold of your iCloud account.
"When you perform a remote hard drive wipe on Find my Mac, the system asks you to create a four-digit PIN so that the process can be reversed," he writes. "But here's the thing: If someone else performs that wipe -- someone who gained access to your iCloud account through malicious means -- there's no way for you to enter that PIN."
An alternative: Rather than using Apple's Find My (Device), I'd recommend downloading and installing the truly excellent Prey software instead. The device-tracking service is totally free, works with Windows and Linux PCs, Macs, and Androids and iPhones, and won't be compromised if your iCloud account gets hacked.
Encrypt the important stuff. It may be a bit techy, but if you're putting really sensitive data in the cloud -- like financial records or official documents -- I'd recommend encrypting the file with TrueCrypt or other encryption software before you upload to make sure it stays Your Eyes Only.
