保护云端数据安全的三种方式

对于消费者来说，云技术是一个巨大福音：它能够让消费者以很低的成本或零成本储存海量的信息——音乐、信息、照片等等。借助各种各样的服务，人们可以随意存储更多的数据，而不用购买额外的设备，例如硬盘或记忆棒。

从这一点来看，云技术像一个巨型免费存储柜，但它也存在特殊的安全隐患。与实物文件柜不同的是，存储在云端的数据可能存在被全球网络罪犯盗窃的风险。如果这些不法分子发动袭击，他们很有可能会获得巨量的信息。

不法分子入侵云服务最常用的方式是盗取消费者密码，然后进入其账户。他们实现这一做法的方式包括，入侵云服务公司的数据库，欺骗消费者提供其密码（通常使用伪装成云服务公司的电子邮件）或直接猜测用户的密码，因为很多消费者如今仍在使用那些并不难猜的密码，例如“123456”或“password”。与此同时，消费者可能会重复使用同一密码，而此举会导致一连串的账户遭到入侵。

消费者维权集团Public Knowledge网络安全政策总监Megan Stifle说：“鉴于在线业务的不断增长，消费者可能会在多个网站使用相同的密码。此举会将消费者置于险境。如果某个网站的密码遭到泄漏，例如其邮箱账户，那么黑客会尝试使用同样的密码和简单的密码变体来入侵用户收件箱中最为重要的网站。”

幸运的是，云服务公司非常重视云端安全这一问题。很多公司正在为消费者提供简单易用的方式来保障其数据的安全性。目前有三种比较稳妥的方式。当有人试图从陌生计算机登录账户时，这些方式都会要求登录者提供额外的信息。

第一种额外的安全保障方法使用的是简单的短信，诸如谷歌和微软这类公司在很久之前便已开始使用这种方法，即向消费者的手机发送验证码，然后要求在输入密码的同时输入验证码。

尽管这种方法有其优点，但仍能够被顽固的不法分子攻破，因为他们可以欺骗通信运营商，让运营商将短信发送至自己的手机。这也是为什么一些用户转而使用其他解决方案来提升其云端安全的原因。

第二种方法靠的是手机应用，使用这类方法的公司包括Duo和Authy。这些应用提供一种不断变化的序列号，来作为消费者密码的一种辅助手段。该应用的方法相对来说更简便，因为用户无需等待短信，而且不法分子也无法通过欺骗运营商来进行破解。

第三种确保云数据安全的方法无需使用手机，但需要消费者在电脑上插入一个小型秘钥装置。这类设备中最常用的莫过于“Yubikey”，由名为Yubico的公司制造，价格仅为19美元。它能够兼容像Facebook和Dropbox这类常用的服务商。

这种秘钥的方式更加安全，因为它要求用户在陌生电脑上登录时出具秘钥实体，而黑客做到这一点的可能性几乎为零。秘钥这种方式也更加迅速，因为它无需输入发送至手机的验证码。

Yubico解决方案业务副总裁 Jerrod Chong说：“我们可以这样来看。人们开车需要钥匙，打开房门需要钥匙，秘钥则是证实人们在线身份的实体钥匙。从实体YubiKey中获取机密信息的难度比从手机应用中获取此类信息的难度要大得多。”

以上三种方法都十分便利。对于大多数消费者来说，最重要的一步在于告知为他们提供服务的各大云计算公司（包括谷歌、微软等等），他们希望实施这些方法。此举涉及进入安全设置，添加额外的防御措施。这些措施通常又称为“双重验证”。（通常，寻找这一设置最简单的办法就是在网络上搜索“Dropbox双重验证”这类关键词。）

总之，越来越多的消费者正在利用云端来储存其最宝贵的信息，包括其文件和照片。随着人们对云服务的日益倚重，使用额外的安全验证手段比以往任何时候都更为重要。（财富中文网）

本文最初发表于Time.com。

译者：冯丰

审稿：夏林

For consumers, the cloud is a big blessing: It lets them store huge amounts of information—music, messages, photos and so on—at little or no cost. Thanks to a wide array of services, it’s possible to squirrel away as much digital data as you like without buying extra equipment like hard drives or memory sticks.

The cloud, in this sense, is like a big free storage locker — but one that poses a special security danger. Unlike a physical file cabinet, data stored in the cloud can be at risk of being stolen by cyber-criminals around the world. And if the crooks do strike, they are likely to get hold of an enormous amount of information.

The most common way crooks get into cloud services is by getting a consumer’s password and letting themselves into the account. They can do this by hacking a cloud company’s database, tricking a consumer into revealing it (often using an email that purports to be from the company) or simply guessing it—many consumers today still use easy-to-guess passwords like “123456” or “password.” Meanwhile, consumers may re-use passwords, which can lead to a series of additional digital break-ins.

“Given our ever-growing online presence, consumers may be tempted to use the same password across multiple websites,” says Megan Stifle, cybersecurity policy director at consumer advocate group Public Knowledge. “This leaves consumers very vulnerable. If the password is compromised at one site, e.g., at their email account, the [hacker] will try the same password and simple variations of it at the most valuable sites in the user’s inbox.”

Fortunately, cloud companies are paying a lot of attention to the problem of cloud security. Many are offering consumers easy-to-use options to lock down their data. Right now, there are three good options, and all of them involve asking for an extra piece of information when someone tries to log in from an unfamiliar computer.

The first extra-security option comes in the form of a simple text message, and companies like Google and Microsoft have been offering it for a while. It involves sending a code to a consumer’s cellphone, and asking them to enter it along with their password.

While this system is a good one, it can be breached by really determined crooks who can trick cell companies into rerouting the text message to their phone. That’s why some users turn to other solutions to enhance their cloud security.

This second method relies on apps and is offered by firms like Duo and Authy. These apps offer an ever-changing series of numbers that serve as the extra step to go along with a consumer’s password. The app method is slightly more convenient because the user doesn’t have to wait for a text message, and crooks can’t compromise it by going through the phone company.

The third method to secure cloud data doesn’t involve your phone but instead requires consumers to insert a tiny key into their computer. The most popular such device, known as a “Yubikey,” is made by a firm called Yubico and costs as little as $19. It works with popular services like Facebook and Dropbox.

The key method is extra-secure since it requires a user to prove they have a physical object before they can log-in from a strange computer—something that would be nearly impossible for a hacker to do. The key method can also be quicker since it doesn’t involve entering a code delivered to a phone.

“Think of it this way. You have a key to your car, to your house, and this serves as a physical key to your online identity,” says Jerrod Chong, vice president of solutions at Yubico. “Extracting the secrets from your physical YubiKey is significantly more difficult than a phone app on your phone.”

All three methods are easy to use. For most consumers, the biggest step is instructing the different cloud computer companies they use—Google, Microsoft and so on—that they want to implement them. This involves going into the security settings and adding the extra defense measure, which is often described as “two-factor authentication.” (Often the quickest way to find this setting is by searching the web for something like “Dropbox two-factor.”)

The bottom line, though, is that consumers are increasingly putting their most valuable information in the cloud, including their documents and their photo memories. As they do so, it’s becoming more critical than ever to add extra security.

This article originally appeared in Time.com