Hello SOTGC community,
I am a big fan of cloud storage services. It’s magic to me, the way that the photos that I take with my cell phone appear on my PC when I get home, without having to connect any cables, and to have my work from my desktop PC instantly available to me on my laptop.
My data is accessible to me alone unless I choose to share it with someone. I’m not a doctor or a lawyer or even a corporate employee, so a security breach would not be a catastrophe to me, and the convenience is worth the risk. But just how much of a risk is it? Should you be concerned?
Most cloud services encrypt the data during transfer to/from the Internet (“SSL” encryption – you’ll know it’s encrypted because of the “s” in “https”), and then again when it’s stored on their servers. So if a hacker is sitting across the room from me in a coffee shop, monitoring everyone’s connection, or if a hacker manages to connect to the cloud service servers, my data is still private as long as he or she doesn’t crack the encryption.
The main risk is if my password gets compromised. Then anyone with my user id and password could access my data. If you’re concerned about cloud security, then it’s important to have a strong password and change it often.
You’ve probably heard that term before, but what does “strong” password mean? How long does it need to be? Do you need special characters? Numbers? How many? Do you need a different password for every cloud service? How do you remember those passwords?
It’s a complex subject and, unfortunately, the recommendations for “strong” passwords keep changing, as the hackers become more sophisticated.
I recommend using a password manager. Let the experts worry about it. A password manager is a plug-in for your web browser. You can use it to generate a password, and it will indicate how “strong” that password is. Once you use that password to log into your cloud service through your web browser, then you can store that password in your “password vault” that the plug-in supplies.
The password manager itself needs a password to log in and retrieve your other passwords, but it’s the only password that you really need to remember. I start with a word that has some personal meaning to me, add a character between syllables, a few numbers at the end (that I’m sure that I’ll remember), and then use the word in a complete phrase.
Some password managers are also cloud services so that you can sync your passwords with all of your devices. They use an extra level of security – your password vault gets encrypted locally, on your own computer, and then transferred and stored unaltered on the cloud server. When you log into the service through your web browser plug-in, the reverse process happens – the password vault is transferred from the cloud down to your PC, and then decrypted.
In addition to using a strong password and changing it often, some cloud services offer an optional two-step authentication. If you’re concerned about security, then you should check if your cloud service offers this, and go through the steps to enable it.
I believe that you can relax about your cloud security if you use a password manager and if you change your passwords regularly. The convenience of using a cloud service far surpasses the slight risk of having your privacy compromised.
Since SOTGC was created to be a forum for discussion we’d love it if you joined the conversation. Please comment with your thoughts below and have a great day.