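Megan Stifle, cybersecurity policy director at consumer advocacy group Public Knowledge, said: “Given the continuing growth of online activity, consumers may use the same password across multiple websites. This puts consumers at risk. If the password is compromised at one site, for example at their email account, the hacker will try the same password and simple variations of it to break into the most important sites in the user’s inbox.”
Jerrod Chong, vice president of solutions at Yubico, said: “Think of it this way. People need a key to drive their car and a key to open their front door, and this key is the physical key that proves their identity online. Extracting the secrets from a physical YubiKey is much more difficult than extracting them from a phone app.”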
For consumers, the cloud is a big blessing: It lets them store huge amounts of information—music, messages, photos and so on—at little or no cost. Thanks to a wide array of services, it’s possible to squirrel away as much digital data as you like without buying extra equipment like hard drives or memory sticks.
The cloud, in this sense, is like a big free storage locker—but one that poses a special security danger. Unlike a physical file cabinet, data stored in the cloud can be at risk of being stolen by cyber-criminals around the world. And if the crooks do strike, they are likely to get hold of an enormous amount of information.
The most common way crooks get into cloud services is by getting a consumer’s password and letting themselves into the account. They can do this by hacking a cloud company’s database, tricking a consumer into revealing it (often using an email that purports to be from the company) or simply guessing it—many consumers today still use easy-to-guess passwords like “123456” or “password.” Meanwhile, consumers may re-use passwords, which can lead to a series of additional digital break-ins.
“Given our ever-growing online presence, consumers may be tempted to use the same password across multiple websites,” says Megan Stifle, cybersecurity policy director at consumer advocate group Public Knowledge. “This leaves consumers very vulnerable. If the password is compromised at one site, e.g., at their email account, the [hacker] will try the same password and simple variations of it at the most valuable sites in the user’s inbox.”
Fortunately, cloud companies are paying a lot of attention to the problem of cloud security. Many are offering consumers easy-to-use options to lock down their data. Right now, there are three good options, and all of them involve asking for an extra piece of information when someone tries to log in from an unfamiliar computer.
The first extra-security option comes in the form of a simple text message, and companies like Google and Microsoft have been offering it for a while. It involves sending a code to a consumer’s cellphone, and asking them to enter it along with their password.
While this system is a good one, it can be breached by really determined crooks who can trick cell companies into rerouting the text message to their phone. That’s why some users turn to other solutions to enhance their cloud security.
This second method relies on apps and is offered by firms like Duo and Authy. These apps offer an ever-changing series of numbers that serve as the extra step to go along with a consumer’s password. The app method is slightly more convenient because the user doesn’t have to wait for a text message, and crooks can’t compromise it by going through the phone company.
The third method to secure cloud data doesn’t involve your phone but instead requires consumers to insert a tiny key into their computer. The most popular such device, known as a “YubiKey,” is made by a firm called Yubico and costs as little as $19. It works with popular services like Facebook and Dropbox.
The key method is extra-secure since it requires a user to prove they have a physical object before they can log in from a strange computer—something that would be nearly impossible for a hacker to do. The key method can also be quicker since it doesn’t involve entering a code delivered to a phone.
“Think of it this way. You have a key to your car, to your house, and this serves as a physical key to your online identity,” says Jerrod Chong, vice president of solutions at Yubico. “Extracting the secrets from your physical YubiKey is significantly more difficult than a phone app on your phone.”
All three methods are easy to use. For most consumers, the biggest step is instructing the different cloud computing companies they use—Google, Microsoft and so on—that they want to implement them. This involves going into the security settings and adding the extra defense measure, which is often described as “two-factor authentication.” (Often the quickest way to find this setting is by searching the web for something like “Dropbox two-factor.”)
The bottom line, though, is that consumers are increasingly putting their most valuable information in the cloud, including their documents and their photo memories. As they do so, it’s becoming more critical than ever to add extra security.
This article originally appeared in Time.com.