Three ways to step up your own cloud security


Actress Jennifer Lawrence was one of several female celebrities whose photos were taken, apparently from cloud services.  REUTERS/Lucy Nicholson

Data thieves leaked private pictures of some of Hollywood's top celebrities over the long weekend, raising some alarm bells about the security of what users keep in the cloud. Apple said in a statement Tuesday that its iCloud systems had not been breached; rather, the tech firm said thieves stole celebrity photos from Apple accounts by targeting individuals, likely by tricking account holders into giving up their passwords and usernames to break into accounts.

Regardless, storing photos on a cloud (rather than just on your phone's hard drive) presents risks. Here's how to figure out if your photos are on the cloud in the first place--and if they are, how to better protect them.

Find out if you're automatically backing up photos. Several companies offer the option to automatically back up your phone or tablet photos into the cloud. Apple offers this feature through iCloud. Google, Microsoft and Dropbox also let users opt to back up their photos automatically. These are opt-in features -- users have to turn them on themselves --  but many people forget that they signed up for these options when setting up their accounts. You can check for these options in your settings. For Apple users, the menu you need is in the "iCloud" section of your settings, under "Photos." Google users should check the "Auto Backup" setting on their Google+ apps. Microsoft users can turn the option to upload photos to SkyDrive in the settings for their Photos app on Windows Phone devices; Dropbox users can turn the option on and off in the settings for the service's app.


A look at the automatic backup settings for Google+ and iCloud. (Screengrabs by Hayley Tsukayama)

Uploading photos automatically is a useful feature, particularly for when you're organizing photos and worried about accidentally deleting something you want to keep. But if you're taking pictures of something -- or someone -- that you don't want sent to the cloud, then it's probably best to turn off that setting.

Use two-factor authentication. "Two-factor authentication" is one of those jargony Internet terms that makes everyone's eyes glaze over. But regardless of whether you are automatically uploading your photos , you should protect your data by turning it on, when it's offered. Basically, "two-factor authentication" adds another layer of security to your accounts by asking you to enter a short code in addition to your normal username and password. This code, which is random, is often texted to your phone, or generated by an app such as Google Authenticator or the Facebook app. This ensures that even if someone does get your password, they will still need your phone to get into your account. Some companies, such as PayPal and Bank of America, even let customers buy a physical card that will generate a code for them if they don't have a cellphone or don't want to use it as part of their log-in process. Yes, two-factor authentication is a little less convenient, but many find that's worth it for the added security.


A look at Google and Apple handle two-factor authentication. (Authenticator shot Courtesy of Google; Screengrab by Hayley Tsukayama)

 

Still, it won't protect you in all cases. Having a strong password is still important, particularly for Apple users.

Learn to avoid falling for the hackers.  Of all the things you have to do to protect your data, this may be the hardest part: not falling for schemes as they come. Attacks often succeed because criminals have been able to trick people into giving up their credentials -- no fancy technical knowledge, just a willingness to prey on people's credulity. Often users get e-mails that look like they come from companies they trust -- their bank, Facebook, Google, PayPal -- that are really vehicles for theft. For that reason, you should be wary of any e-mail that you aren't expecting asking you to reset your password. If you get a password reset e-mail and you didn't click a "Forget password?" link for that site, then you should not click on it. And you should definitely not send your password to anyone in response to an e-mail like that. If it happens at work and you're not sure what to do, send an e-mail to your company's IT department.

These mysterious emails could be coming from someone who has your e-mail address and is trying to break into your account, or it could even be an e-mail that directs you to a fake site. Either way, it's not a bad idea to change your password-- just in case someone's trying to hack you. For example, if you get an email that appears to be from Facebook, type in the URL for Facebook in your address bar directly, and start the process yourself by clicking the "Forgot password?" link or heading into your account settings.

Hayley Tsukayama covers consumer technology for The Washington Post.
Comments
Show Comments
Most Read Business
Next Story
Brian Fung · September 2