Six Lines

Best Practices for a Secure Cloud

Posted by Aaron Massey on 24 Jun 2011.

In light of the Dropbox password snafu and the recent Sony data breach, David Sparks, of MacSparky, offers these best practices for protecting yourself on the cloud:

One thing is for certain, the stakes are only going up as The Cloud (and iCloud) goes mainstream. So does this change the way I am going to use web based storage? Not really. The huge benefits I receive from cloud syncing make it worth the risk. Nevertheless, there are a few things you can do to protect yourself:

  1. Lock up those online accounts with a strong password, not pencil;
  2. Change your online passwords. I change mine every time the clocks change;
  3. Don’t be stupid about what you store up there. Database of 1970’s baseball cards = Yes. Scanned tax returns = no.
  4. If you upload anything sensitive, encrypt it yourself first on your Mac. I wrote about it in the book and there are a lot of online tutorials out there explaining how to do it.

So in response to this latest problem am I going to run out and cancel my Dropbox account? No. I think Dropbox learned its lesson. (At least this lesson). I still think, however, we are not far from The Big One.

I believe the majority of tech-savvy people would agree with this list, but unfortunately, it perpetuates a security myth that can be quite harmful: changing your passwords regularly can be quite detrimental to your overall security. As Bruce Schneier says:

The downside of changing passwords is that it makes them harder to remember. And if you force people to change their passwords regularly, they’re more likely to choose easy-to-remember — and easy-to-guess — passwords than they are if they can use the same passwords for many years. So any password-changing policy needs to be chosen with that consideration in mind.

Two things are far more important than changing your passwords regularly:

  1. Choosing a really strong password, which Sparks mentions.
  2. Not re-using that password at numerous locations.

Any policy on changing your passwords regularly conflicts with these two, more important, goals.

It might seem like a great idea to just choose a simple password, use it everywhere, and then change it regularly. After all, if you choose strong passwords and use a different one for every site you visit, then you’re going to have trouble remembering them. At least with a simple, easy-to-remember password that’s changing regularly the attackers would have to keep breaking it over and over again to have sustained access, right?

The problem is that attackers don’t necessarily want sustained access; they could just as easily be looking for a big one-time score. For example, it would be easier to get away with downloading every document you store in Dropbox and analyzing them later than it would be to sustain access to a Dropbox account for a year. Besides, how often does your sensitive information really change? Social Security Numbers almost never change.

When defending against a one-time score, using a simple password and changing it regularly is a system that fails ugly. The more stuff you ‘secure’ on the cloud using the same password, the more stuff could potentially be accessed in a short period of time based on a single incident at any one provider. Dropbox and Sony are just the recent examples, and they won’t be the last. I’ve written about this before, and I’m sure this post won’t be the last either.