Apple is warning its users about coordinated attacks on the iCloud storage service. I’m sure there are similar attacks on other cloud providers.
But keeping your account information secure and protected isn’t that difficult.
All of the really good cloud hosts have two-step verification enabled for their account holders. I’m really surprised at the number of cloud users who don’t have this protection enabled.
Two-step verification requires two different forms of verification to ensure that you’re the appropriate user. Often, this second verification is a number sent via email or text message that gets entered before allowing access to the program.
Google also created the Google Authenticator app to compliment its two-step process. Authenticator generates a verification code about every 30 seconds for each connected account.
The app works in airplane mode, which gives you access to your accounts when you’re not able to receive text messages. I use Authenticator over SMS simply for convenience (I don’t have to wait for a text message).
Here are links to instructions for setting up 2-step verification on the major services:
Google describes the process:
Security Key is a physical USB second factor that only works after verifying the login site is truly a Google website, not a fake site pretending to be Google. Rather than typing a code, just insert Security Key into your computer’s USB port and tap it when prompted in Chrome. When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished.
Security Key seeks to protect users against phishing, and doesn’t require a mobile device or internet connection. Of course, if you only use a mobile device to access websites, or you’re not a Chrome user, Security Key isn’t a good option. I have a key coming, so I’ll describe the features in a future post.
Password, pattern, or PIN
I’ve dropped back to using a PIN to unlock my phone. Android 5.0 has a “trusted device” option, so it’ll keep the phone unlocked as long as it’s connected to my Android Wear watch (or other Bluetooth device). Upon disconnect, I’ve set up a 6 digit PIN that’s required to unlock my phone. On my other devices, I use a longer-than-convenient password to unlock.
You can easily setup password, PIN, or pattern — remember the 3 P’s of mobile security — on your Android device. Click Settings > Security > Screen lock.
Use a decent (at least 6 characters) pattern, PIN, or password to secure your mobile device. Android 5.0 eliminates face unlock, which rarely worked, and you should never use swipe or none.