Security tips for working in the cloud

November’s issue of The Atlantic gives an unfortunate first-hand account of what can happen if your primary email account (in this case Gmail) gets hacked. See James Fallows’ full article Hacked! for all of the gory details. He does at the end provide some valuable tips for keeping your privacy and data more secure.

1. Protect your primary email account
– if you use Gmail, use Google’s new “two-step verification” which sends a text message code to your phone to verify you are you
– make sure the recovery information for your account—a backup e-mail address or cell phone where you can receive password-reset information—is current.

2. Choose a strong password
– Choose a long sequence of ordinary words. Use spaces between them like an ordinary sentence (which more and more sites now allow). “The Evergreen State College has many large trees,” for instance.
– Choose a shorter sequence of words that are not “real” English words. Perhaps an obscure foreign city or name.
– Choose a truly obscure, gibberish password and use password management tool like LastPass, RoboForm or 1Password

3. Use different passwords
– Pick unique, strong passwords for sensitive sites like your main email account, your bank, etc. Never use these passwords anywhere else.
– Next are the sites that you would like to not have compromised like shopping sites, airline-mileage accounts, message boards and memberships. Have two or three semi-strong passwords to use among all of them. If one is hacked then so might the others, but you don’t really care.
-Then there is everything else, all of the annoying little logins we all have to deal with. Choose one or two passwords to be shared by them too.

By making it easy to deal with unimportant accounts, you can concentrate on protecting the ones that matter.

For more tips on safe on-campus computing see:
The Ten Most Important Things You Should Know About Computer Security on Campus