Thursday, July 16, 2015

003 Do you remember passwords?

Securing access to online banking, email and other cloud services is critical, but do you remember your passwords?
 

I think you should not. Why do I say that? Take a listen…
All Clouds Considered is brought to you by Cloud Genius®
Cloud Genius is a top 10 rated institution built by industry experts focused on helping businesses succeed with the cloud and helping you transform your professional career.

Take a test drive at https://be.a.cloudgeni.us

If you can remember most of your passwords, you are either a superhuman or you are doing this password thing wrong. A password that someone can typically remember is not secure enough.


Automatic password management


You have probably heard of security breaches at Snapchat, Target, Adobe, Drupal, Last.fm, Samsung, Apple and LastPass in the last few months. With cloud security being an issue of prime importance, how do you choose a password that won’t cause you too much damage if it gets compromised? Many people use the same password (or a derivative of it) for every website or service they use. You can probably see the problem with that: if one account is compromised, all of the other accounts are in danger as well. One technique to solve this issue is to create a unique password for every service you use. But this leads to a bigger problem. How would you remember so many different passwords, or how would you save them somewhere in a secure manner?


One solution to this problem that I like and use is Mitro. I use Mitro because it is an open source product. Several other solutions are available; 1Password, CommonKey, Dashlane, KeePass, Keeper Password Manager, LastPass, Meldium, Password Genie, Password Safe, RoboForm and Team Password Manager are just some examples.


Mitro will generate a random password for each cloud service that you use and will encrypt and save them all locally. All you have to do is remember one password for Mitro, and Mitro will log you in to any account that you have used it with. Mitro has browser plugins for most browsers and is a simple and efficient solution to the problem of creating secure passwords.


I recommend that you try Mitro. For our corporate clients, I recommended SAML-based single sign-on onto some centralized directory service and then logging in to other cloud services from there.


A password alone is not enough – you need an additional layer of protection


A common technique most modern services provide is 2-step verification (also known as 2-factor authentication or 2FA). Think of it as a PIN code (also called a token or a one-time password) that you provide on top of your password. 2FA is a bit more secure because the only way to log in to an account is by also providing a one-time password, and that one-time password changes the next time you need to log in.


There are several tools available that can generate this one time password for you:


  • The Google Authenticator app on your phone generates a one-time password, which you must provide after your password when logging in to cloud services that are Google Authenticator enabled.

  • YubiKey is another interesting technology, available as a small USB device that you plug into your computer. Every time you need to log in to an account, you simply touch the USB device and it acts as a token for you to log in.

  • Don’t like to use these? Some services may allow you to opt in to receive a one-time passcode by TXT/SMS or via a phone call.

You can secure Mitro as well with 2FA. Mitro can also help you securely share passwords among your team members as needed.


Push yourself towards using 2 factor authentication. Push your business to adopt single sign-on technologies. These techniques will make the cloud a better place for you.


What techniques do you currently use to secure access to critical services?


Join our discussion in the Cloud Genius community and chat with us on our chat channel, where we hang out and learn from each other.

 


 

Want us to create an episode on a topic of your interest? Let us know and we will gladly develop one. I am your host Nilesh. Look forward to seeing you online.



