The Heartbleed bug and a series of high-profile hacking attacks over the last year or so have highlighted the fact that the more we make use of internet-based storage for our personal information, the greater the risk we take.
Hackers are now making use of highly sophisticated techniques to bypass, steal or guess our passwords. Even without stealing passwords through exploits like Heartbleed, hackers can use powerful computers to launch brute-force password attacks, which can break even strong passwords in a relatively short space of time. These attacks throw millions of password combinations per second at the intended target until they eventually guess the right one.
The fact is that we are now entering an age when passwords alone are not going to be sufficient to protect the increasing volumes of personal data we have stored in the cloud.
But what if we could make use of a device most of us carry with us everywhere to act as a secondary key? A key that could prevent someone from logging into your account with a stolen password, unless they also had physical access to this key?
I refer to the humble mobile phone.
Most of the main internet service providers (Google, Facebook, Dropbox, PayPal, etc.) provide a little-publicised secondary key option, known as two-factor authentication. With two-factor enabled, a code number is sent by the service provider to a registered mobile phone number, or generated by an app, whenever a new device logs into a protected account. This way, even if a hacker had access to your password, they could not log into your account without also being able to enter the code number displayed on your mobile phone.
There is some trade-off of convenience against security, of course. You won’t be able to access your account from a new device unless you have your phone with you. If you lose your phone, you’ll only be able to access your account from a previously authorised device until you can update the two-factor settings. However, for the extra security offered, I think the pros far outweigh the cons.
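How the app-generated code and the new-device check described above fit together on the service's side, as an added example that is not part of the original article or any provider's code. It assumes the app produces codes with the standard TOTP algorithm (RFC 6238), which the article does not specify; `Account`, `login` and the salt value are hypothetical names and constructed values.

```python
import hashlib
import hmac
import struct
import time

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """Time-based one-time code per RFC 6238 (HMAC-SHA1, 30 s steps)."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Account:
    """Hypothetical server-side account record, for illustration only."""
    def __init__(self, password: str, phone_secret: bytes):
        self.salt = b"constructed-salt"          # constructed sample value
        self.pw_hash = self._hash(password)
        self.phone_secret = phone_secret         # shared with the phone app at enrolment
        self.trusted_devices = set()
        self.last_step = -1                      # last accepted time step (blocks replay)

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def login(self, password, device_id, code=None, now=None):
        now = time.time() if now is None else now
        if not hmac.compare_digest(self._hash(password), self.pw_hash):
            return "denied: bad password"
        if device_id in self.trusted_devices:    # previously authorised device
            return "ok"
        if code is None:
            return "code required"               # new device: password alone is not enough
        current = int(now) // 30
        for step in (current, current - 1):      # tolerate one step of clock drift
            expected = totp(self.phone_secret, step * 30)
            if step > self.last_step and hmac.compare_digest(expected.encode(), code.encode()):
                self.last_step = step            # a code is accepted only once
                self.trusted_devices.add(device_id)
                return "ok"
        return "denied: bad code"
```

A correct password from an unrecognised device gets only as far as "code required", and a code that has already been accepted is rejected if it is presented again from another device.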
Although no system will ever be 100% secure, it’s a fact of life that we are all going to have to take additional precautions with our data security if we are to avoid falling victim to the darker side of the internet.
See below for linked instructions to enable two-factor authentication on a number of popular cloud-based services.
Apple ID – https://support.apple.com/kb/HT5570
Dropbox – https://www.dropbox.com/help/363/en