Users of cloud services may have felt a little uneasy last week when Adobe, maker of graphic design software such as Photoshop and InDesign, reported that hackers had stolen information about 2.9 million customers. Included in the haul were Adobe customer IDs and encrypted passwords, many of which allegedly belonged to users of Adobe’s Creative Cloud service.
The attack highlighted again the opposing relationship between convenience and security. One of the greatest benefits of cloud software and services – that it can be accessed from a browser on any device with just a username and password – is also a weakness. If someone else gets hold of those details they can access your data too.
Luckily there are three easy steps you can take to limit the damage.
Unique Passwords
The most critical step is to use long, difficult and unique passwords for each service. This should be a mandatory requirement for employees in any business using cloud software. Committing to this policy is practically impossible without a password manager to assist you. I am a heavy user and fan of LastPass; there are others.
If a cloud service is hacked and your unique password stolen, the hackers will only be able to access that particular service. If you use the same password for other cloud software, internet banking or government services, you could find yourself in a pickle.
Two Factor
Some cloud services such as Dropbox, Google Apps and Office 365 offer two-factor authentication. This security measure uses a dedicated mobile phone app to generate a lengthy password that approves your computers and mobile devices for that cloud service. Users still must enter their own username and password to log into the cloud program.
A new two-factor password is generally required every 30 days and is not stored by the cloud service supplier. If a hacker stole your password and username, they would also need to steal your laptop or smartphone to access your data. This is another mandatory requirement for businesses wanting to keep a tight hold of their data.
Single Sign-On
The Google Apps Marketplace contains hundreds of useful, independent apps which work with Google’s cloud software. A Google Apps user can launch a Marketplace-linked app from a drop-down menu in the Gmail interface. Google has already identified the user and so automatically signs in the user to the third-party program.
This approach has two advantages. Third-party programs that use Google’s Single Sign-On service don’t need to store users’ passwords and usernames, so there’s nothing there for hackers to steal.
And of course there’s no password for the user to remember either, which is one less thing to worry about. Just make sure you don’t forget your Google Apps login…