Protecting Yourself in The “Cloud”
3 Tips to Help Keep Your Information Safe in the Cloud
If you have been watching the news or reading the headlines over the past week, “cloud-based” hacking has caught your attention. Notice I said cloud-based, and not iCloud. That’s because regardless of what you have been told, this is not an Apple-only issue. Every device you use and every online service you subscribe to, whichever operating system you prefer, requires a robust password to start with. Most of the celebrities who have been compromised were targeted, and the information needed to hack their accounts was pulled from public sources, such as interviews. When people know your favorite pet’s name is Fluffy, it gives them a foothold into your privacy. Then they start chipping away until they break in.
Tip #1: Always Start with a Strong Password.
A weak password:
- Is no password at all.
- Contains your user name, real name, or other personal identifier.
- Contains a complete dictionary word. For example, Password is a weak choice; P@$$W0®d is better, but still fairly easy to guess.
A strong password:
- Is at least seven characters long.
- Does not contain your user name, real name, or other personal identifier.
- Does not contain a complete dictionary word.
- Is significantly different from previous passwords. Passwords that increment (e.g. Password1, Password2, Password3) are not strong.
- Contains characters from each of the following four groups:
  - Uppercase letters: A, B, C …
  - Lowercase letters: a, b, c …
  - Numerals: 0, 1, 2, 3 …
  - Symbols found on the keyboard: ~ ! @ # $ % ^ & …
And while it may be a bit more tedious, use several sets of passwords depending on what you are securing, for example one for your financial transactions and a different one for Facebook or Twitter.
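The rules in the two lists above, written as a checker (an added example, not part of the original article). The small word list, the look-alike substitution table, and the function name are assumptions made for illustration; a real check would load a full dictionary.

```python
import re

# Constructed sample word list; a real check would load a full dictionary.
DICTIONARY = {"password", "fluffy", "dragon", "monkey", "sunshine"}

# Look-alike substitutions (assumed table), undone before the word check.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l", "3": "e",
                      "!": "i", "5": "s", "7": "t", "®": "r"})


def weaknesses(password, user_name="", real_name="", previous=()):
    """Return the rules from the lists above that `password` breaks."""
    problems = []
    lowered = password.lower()
    plain = lowered.translate(LEET)   # P@$$W0®d becomes password
    if len(password) < 7:
        problems.append("shorter than seven characters")
    for ident in (user_name, *real_name.split()):
        if ident and (ident.lower() in lowered or ident.lower() in plain):
            problems.append("contains a personal identifier")
            break
    if any(word in lowered or word in plain for word in DICTIONARY):
        problems.append("contains a dictionary word")
    # Password1 -> Password2: identical once the digits are removed.
    stem = re.sub(r"\d+", "", lowered)
    if any(re.sub(r"\d+", "", old.lower()) == stem for old in previous):
        problems.append("not significantly different from a previous password")
    groups = {"uppercase": r"[A-Z]", "lowercase": r"[a-z]",
              "numeral": r"[0-9]", "symbol": r"[^A-Za-z0-9\s]"}
    missing = [name for name, pat in groups.items()
               if not re.search(pat, password)]
    if missing:
        problems.append("missing " + ", ".join(missing))
    return problems


if __name__ == "__main__":
    for candidate in ("Password2", "P@$$W0®d", "gT7#mqRz2!vK"):
        print(candidate, weaknesses(candidate, previous=("Password1",)))
```

The substituted spelling passes the four-group rule yet is still reported as a dictionary word, which is why the article calls it fairly easy to guess.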
Tip #2: Use a Two-Step Verification.
A two-step verification process helps protect your accounts with both a password AND your phone. If your mobile device or cloud service offers a two-step verification, use it. It may require more steps to unlock a device, or log into your account, but the extra steps are well worth the added level of security.
Here’s how it works: Whenever you initially log into an online account, you are sent a text message with a confirmation code. Once you enter your confirmation code, you can tell your account to NOT ask for a code again on that particular computer or device. From then on, that computer will only ask for your password when you sign in.
This is where the security kicks in. When you or anyone else tries to sign in to your account from another computer, a verification code will be required. If you didn’t ask for it, you know someone may be trying to hack into your account.
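A minimal server-side model of the sign-in flow just described, added here as an illustration (not code from the article or from any real service). The class name, the five-minute code lifetime, and the outbox list standing in for text-message delivery are assumptions.

```python
import hmac
import secrets
import time

CODE_TTL = 300  # assumed lifetime of a texted code, in seconds


class TwoStepAccount:
    """One account that asks for a texted code on unrecognised devices."""

    def __init__(self, password):
        self._password = password   # a real service stores a salted hash
        self._trusted = set()       # tokens of devices told not to ask again
        self._pending = None        # (code, expiry) awaiting confirmation
        self.outbox = []            # stands in for texts sent to the owner

    def sign_in(self, password, device_token=None):
        if not hmac.compare_digest(password.encode(), self._password.encode()):
            return "denied"
        if device_token in self._trusted:
            return "signed_in"      # known device: the password is enough
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending = (code, time.time() + CODE_TTL)
        self.outbox.append(code)    # the owner's phone receives this text
        return "code_required"

    def confirm(self, code, remember=False):
        """Check the texted code; return a device token, or None on failure."""
        pending, self._pending = self._pending, None   # one attempt per code
        if not pending or time.time() > pending[1]:
            return None
        if not hmac.compare_digest(code.encode(), pending[0].encode()):
            return None
        token = secrets.token_hex(16)
        if remember:
            self._trusted.add(token)   # this device skips the code from now on
        return token
```

A sign-in from an unrecognised device with the correct password still appends a code to `outbox`; that unrequested text is the warning the paragraph above describes.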
How do you set it up? It’s a simple enough process, but you’ll need to set aside a little time to get everything going. For an iPhone running iOS 7, see below; for Android and Windows phones, consult your carrier or manufacturer for details.
- Head over to the My Apple ID page.
- Click Manage your Apple ID and sign into your account.
- Head to the Password and Security section and answer your security questions.
- Under the Two-Step Verification heading, click the Get Started link.
- Click Continue and then confirm that you want to enable the extra security by clicking Continue again.
- Click Get Started. Be patient. It may take up to three days to send you a notice that it’s ready to be activated. Typically, I’ve only had it take a few minutes.
You’ll receive a reminder email, and you’ll need to head back to the site too. You’ll then be guided through the process of linking a trusted device to your account and setting up a recovery PIN. When you log into your account in the future, a PIN will be sent to your device, and you’ll need to confirm your identity by providing this code.
While using a two-step verification will help to improve the security of your account, it is not the final word in security. Using a third-party application or service that can securely store your passwords is also a good idea. There are many out there. I personally use 1Password. It provides a stand-alone application on my computer, plug-ins for my browser, as well as an App for my mobile device. They all share the same data file. For this and others, click here for Macintosh Password Managers or here for Windows Password Managers.
Tip #3: Be Creative with Your Email Accounts in the Cloud.
While there is no absolute guarantee of security, you can make it as difficult as possible. Here are a couple of email pointers:
- Create a dummy email address for the sole purpose of connecting to non-essential websites you want to visit that require you to create an account.
- Use different email accounts for less important and more important online transactions, such as banks and credit cards. This way, if you get a fraud alert to a non-finance related address, you know it’s likely bogus.
- DO NOT click on any link or respond to any email, unless you know for certain it’s legitimate. Regardless of what the From: field says, it is very simple to spoof. Most email programs will show you the real sender’s address if you hover your mouse over the From: field. See example:
Lastly, unfortunately, clicking the unsubscribe button simply tells the spammer that your address is a legitimate address, and will most likely guarantee you end up on more spam lists.
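The From: check from the last pointer above, done on the raw headers instead of with the mouse (an added example, not part of the original article). The sample message is constructed, and every name and domain in it is a placeholder.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; all names and domains are placeholders.
RAW = """\
Return-Path: <bounce@mailer.example.net>
From: "alerts@bank.example" <notice@mailer.example.net>
Reply-To: help@collect.example.org
To: you@example.com
Subject: Fraud alert on your account

Please confirm your details.
"""


def domain(addr):
    """Lower-cased part after the last @, or an empty string."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def from_field_warnings(raw):
    """Return the real From: address and any header mismatches."""
    msg = message_from_string(raw)
    shown, actual = parseaddr(msg.get("From", ""))
    warnings = []
    # A display name that is itself an address hides the real sender.
    if "@" in shown and domain(parseaddr(shown)[1] or shown) != domain(actual):
        warnings.append(f"name shows {shown}, real sender is {actual}")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain(reply_to) != domain(actual):
        warnings.append(f"replies go to {reply_to}, not the sender")
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    if return_path and domain(return_path) != domain(actual):
        warnings.append(f"Return-Path {return_path} differs from the sender")
    return actual, warnings


if __name__ == "__main__":
    sender, found = from_field_warnings(RAW)
    print(sender)
    for line in found:
        print(" -", line)
```

A sender who forges the address inside From: itself passes these checks; they only surface mismatches between headers.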
C. David Joyce is the owner of iCare4Macs, an LA-based consulting firm specializing in the Apple product line since 1992. He provides all levels of computer support for medium-sized businesses, small companies and home users. His services range from networking and Internet access, to security and configurations. Best of all—unlike many larger companies—he makes appointments and comes to your location. www.icare4macs.com, 818-415-4051.