The massive iCloud hack that exposed photos of actresses stored in their personal Apple accounts has left many—including myself—scrambling to change their passwords.
Some speculated that the hack was due to a vulnerability in Apple’s Find My iPhone feature, with which hackers used a “brute force” attack to guess the passwords on celebrities’ accounts, The Next Web reported.
Apple has since denied those reports, instead claiming it was a “very targeted attack” on usernames, passwords, and security questions—the keys to nearly any online account.
If celebrities can be attacked, so can you. So what can you do?
Understand The Cloud
Strong passwords are just one way Internet users can protect themselves from having their data stolen by malicious attackers. And photos aren’t the only things we have to worry about. Everyone tut-tutting actresses for taking risqué photos should think twice about where their personal data is stored. Oh, that’s right—it’s in the cloud, too.
The thing about “the cloud” is that no one really understands it. It’s a deliberately vague term for computer servers you access over the Internet.
Remember the scene from Zoolander when Owen Wilson’s character suddenly has an epiphany that “the files are in the computer”—and then tears open the machine looking for them? When it comes to the cloud, our understanding hasn’t improved much.
Even CNN doesn’t know how to explain the cloud to viewers. It ran a story with the lower third “Leaked Nude Pics May Be From The Cloud.”
Cloud servers are like any computer: You can put files on them, and access them later. Since they’re on the cloud, you don’t have to have access to a physical device, or worry about how much space your laptop’s hard drive has, since cloud servers typically have far more space than our own personal machines do.
The tradeoff for this convenience is security. If you can access your files using a username and password, so can anyone else who gets ahold of your credentials. And you have to rely on those companies to implement smart versions of the latest security protocols.
Cloud storage services like Dropbox, Box and Google Drive make it simple to save and share files. iCloud, Apple’s cloud storage, automatically backs up your information like photos and documents, in case your phone or laptop needs to be replaced.
We have a fundamental expectation of privacy and security when using these services, especially when a company is automatically backing up the information to its servers. But that expectation can fail us.
Find The Right Cloud Storage
It’s hard to completely secure your cloud storage without jumping through a lot of hoops, which we’ll get to shortly. But the first step is figuring out where you want your documents to be stored.
Don’t sign up for new cloud services without researching them. That includes reading the privacy policies of any company you agree to give your data to. Do they have encryption built in? Do they give your data to governments when requested? Do they control their own servers, or do they rent out servers from other companies? (Dropbox and Apple, for example, both use Amazon’s servers for a portion of their online services.)
If security is your top priority, you might consider services like SpiderOak, which automatically encrypts all your data and prevents even the company from knowing what you’re uploading. But that means giving up the ease of sharing files with friends through Dropbox or collaborating with colleagues using Google Drive.
For most of us, convenience usually wins out. You should at least know that you’re making that tradeoff, however.
Use Secure Passwords
According to Apple, the hackers targeted usernames, passwords and security questions, which are the first lines of defense for users.
Simply changing an “S” to a “$” does not make your password secure—especially if you recycle that password from site to site. Hackers attack less secure services and harvest usernames and passwords—and then try them on other services.
Adding unique characters along with letters and numbers is smart, but so is using passwords that are hard, if not impossible, to guess. The best passwords are a collection of random letters, numbers and punctuation, without any words you’d find in the dictionary. And each online account should have a different, complex password.
Does that sound impossible to keep track of? It pretty much is, unless you get some computerized assistance. Password managers like 1Password and LastPass provide a way to save and manage passwords, and you can carry and access your data on multiple devices.
Enable Two-Step Verification
If someone is trying to illegally access your personal information from the cloud by using your password, you might not realize it—unless you have two-step verification enabled.
With two-step verification, it’s necessary for you to input two different pieces of data in order to access your personal information. Typically, that’s your password and a different code sent as a text or generated by an app on your mobile device. The code will change each time you log in.
Two-step verification can be frustrating and time-consuming, which is why many consumers elect to ignore it. But it saves you from having to clean up the potential mess a hacker could make with your credit card information or naked pictures stolen from the cloud.
Encrypt Your Files
If you’re not using a service that automatically encrypts your files, like SpiderOak or Mega, you may want to encrypt them yourself.
Google, Dropbox and Microsoft don’t offer file encryption as a built-in feature. While they may encrypt your transmissions between data centers, once you’re logged in, the files are available in unencrypted form. Most consumers don’t request it, because it can be difficult to use, and encryption can be complicated for companies to enable, according to Wired.
Imagine Google Drive with no search capabilities, or Dropbox with no preview. None of those features would work with encrypted files, because they’d be unreadable by Google and Dropbox’s server software. And if Google doesn’t have the encryption keys it can’t help you out if you lose a password.
Boxcryptor and Viivo both offer DIY cloud encryption, which means you can encrypt all your files before uploading them to the cloud. These companies won’t have access to your secret keys to decrypt files, which means your data is safe from prying eyes that don’t have access to your unique key.
Ultimately, we’ll need better forms of protection. Apple’s TouchID fingerprint sensor is an interesting example of authentication using biometrics, or physical aspects of our bodies. PayPal’s Braintree aims to detect fraud by looking at information about how we’re using our mobile phones at the time we make a transaction. Companies are using sophisticated behavioral modeling to detect hackers on their networks: Perhaps one day, we’ll be protected by similar technology that can tell through the way we tap on our phone’s keyboards or the time of day we access our devices that we are who we say we are.
Until then, we’re left changing our passwords, enabling two-factor verification, and hoping for the best.
Dropbox now has 275 million users, most of them consumers who use the service to store their personal files and images. But it’s precisely its popularity at home that could help Dropbox at work, as the company pushes out its latest Dropbox for Business update on Wednesday.
All Work And All Play
Last November, Dropbox announced some long-awaited updates to Dropbox for Business. The most crucial one was a tweak to Dropbox’s familiar, simple interface: In place of the single desktop file folder labeled “Dropbox,” business users would find two folders, one labeled “Personal” and one named after their employer.
Those updates are now live. Dropbox users whose workplace has paid for the service can share pictures, videos, documents and other files, switching between work and personal files without having to juggle two accounts. At the same time, their employers can manage their work files without touching their personal files.
In the past, Dropbox customers had to switch accounts, use kludges like Chrome’s incognito browsing mode, or just mix together personal and business files. While it seems obvious that people might want to share all kinds of files with Dropbox, accommodating this scenario was actually quite a technical problem for the company. It required a full-scale rebuild, according to Ilya Fushman, head of Dropbox for Business.
That rebuild frees up Dropbox to build new features, while keeping most of the simplicity Dropbox is known for. In the place of one folder for all your files, there are now two.
Its rollout comes at a critical time. While Dropbox retails storage services to consumers and businesses, Google, Amazon, and Microsoft are slashing prices for wholesale storage. In the short term, this seems like it should be good for Dropbox, dropping the price it must pay Amazon and other service providers for storage and bandwidth. In the long run, though, it seems inevitable that those savings will get passed on to consumers, challenging Dropbox’s pricing.
Box, a Dropbox competitor who recently filed to go public, is emphasizing its collaboration features and industry-specific apps built on its platform. Meanwhile, Google and Microsoft have their own Dropbox competitors, Google Drive and OneDrive, which they are weaving closely into their own suites of online apps.
Dropbox’s account-linking strategy takes full advantage of its biggest asset—its 275 million users, whose ubiquity is a big reason why it’s worked its way into businesses in the first place. People use the tool they’re familiar with in the workplace, and when they need to share with contractors, partners, or other outsiders, the odds are good that they, too, have a Dropbox account.
All those consumer accounts—most of them free—still have value for Dropbox. They are word-of-mouth marketing for the brand and built-in leads for its salesforce. That’s why Dropbox is a prime example of how a consumer-friendly tool can work its way into businesses.
Still, some workplaces ban Dropbox, fearing that files will leak out through it. Can Dropbox find its way into these locked-down environments with complex security requirements?
It already has in some cases. Here are some of the features Dropbox has rolled out, in the hope of getting a slice of the IT budgets currently going to giants like IBM and Microsoft:
- Remote wipe: Systems administrators can automatically wipe a business account if they think the account may be compromised—just the business files, leaving personal files untouched.
- Downloadable audit logs: Customers can have more visibility into who is sharing which documents. Those logs can then be put into an analytics system like Splunk for deeper probing.
- Account transfer: Turnover is a fact of business. Account transfer—a feature already seen in Google Drive—moves files from an ex-employee to a current employee.
Even with these new features, Dropbox faces an uphill battle in courting businesses against Box and Microsoft, which have more feet on the street calling on large businesses.
Microsoft is the real power when it comes to documents, thanks to its Office suite, where so many work documents begin. Office is increasingly tied into OneDrive, the company’s file-sharing and -storage service.
It seems unlikely that Dropbox will hire a large army of salespeople to respond. It still has more jobs listed for engineers than for salespeople—and its sales openings include titles like “sales engineer” and “solutions architect.” While others sell, sell, sell their products, the updates to Dropbox for Business represent a bet that the company can engineer its way to customers’ hearts—at home, and at the office.
Really terrible Photoshop, for which he apologizes, by Owen Thomas for ReadWrite