The weekend theft of intimate photos from the online accounts of celebrities has raised fears about the security of storing information over Internet cloud servers — and about the pitfalls of “sexting.”
The practice of sending sexually explicit messages between mobile devices is growing, but many of those involved are doing so with little forethought, says Ontario’s former privacy commissioner Ann Cavoukian.
Currently the executive director of the Ryerson Institute for Privacy and Big Data, she says people need to practice “safe texting” to ensure that intimate photos are viewed only by intended recipients.
Cavoukian says people sending sensitive material need to start with a secure password, and to be aware of storage settings.
iPhone users are advised to disable iCloud under settings so that material is also removed from backup storage when it is deleted from a device. Auto backup settings under Google+ in Google Settings can be adjusted on Android handsets.
Cavoukian suggests using a password in two languages with a number in between and a capital first or last letter to make the account “highly resistant to dictionary attacks.”
Apple acknowledged Tuesday that computer hackers broke into the accounts of several celebrities, a security breakdown it blamed on the intruders’ ability to figure out passwords and bypass other safeguards.
Apple said it found no evidence of a widespread problem in iCloud or its Find my iPhone service. Instead, the affected celebrity accounts were targeted by hackers who had enough information to know the usernames, passwords and answers to personal security questions designed to thwart unauthorized entries, according to Apple.
“The short answer is the cloud is often more secure than other storage,” said Rich Mogull, CEO of security research and advisory firm Securosis.
But that doesn’t mean it is completely immune.
Tim Bajarin, an analyst at technology research firm Creative Strategies, recommends having different passwords for each account you hold online, so a breach in one system won’t compromise another. It is also important to have a number and punctuation mark in each password, or a creative spelling of a word to make it harder to guess.
Another way to make your information harder to hack is called multi-factor, or two-step, identification. That means the first time you log in to an account from a new device, you are asked for a second form of identification. Usually, that involves being sent a code by text message to your phone or by email. A hacker who has your password would still need physical possession of your phone to get the text.
Most major cloud services, including Apple’s iCloud, Google Drive and Dropbox, offer this kind of protection. Amazon’s Cloud Drive is the notable exception. But you usually have to turn this on.
“If you really want to be safe, keep confidential information off your service provider and back it up to an external hard drive the old-fashioned way,” Gartner analyst Avivah Litan said.
- With files from the Toronto Star’s wires