Is your password secure in the cloud?

Posted by on Oct 4, 2013


Make your password secure

Image from somecards.com

Many of us use the same password over and over again to access our email, bank accounts, and social networking sites. We tend to use very simple passwords because they are easy to remember. Sometimes these passwords are as simple as your first name, your child's or spouse's name, the first letters on the keyboard, "123456" and so on. Such passwords are easily guessed and cracked by hackers. A weak password gives an intruder easy access to your system and your data. Passwords are like locks designed to keep your data safe, and most of the time a strong lock protects your personal belongings from the bad guys. Whenever there is a security breach, we often blame the security practices of the organization or data storage service, but the truth is that we, the end users, are often the weakest link in this chain.

In this age of cloud computing you can store your personal data (photos or documents) on virtual servers hosted by third-party applications and reach that data from anywhere. Think about it: if you can access your data so easily from anywhere, can an attacker do the same? Quite possibly. Cloud services are the target of many attacks precisely because they rely on password-based user identities and can be reached from anywhere.

We have seen many security breaches in the past involving high-profile Internet and cloud applications. After closely studying these data breaches, researchers usually conclude that the use of weak passwords often leads to such breaches, affecting millions of users' data and the reputation of well-known organizations. When you choose a simple, easy-to-guess password, then no matter how secure the password storage and password hashing are, the attacker will crack the password in no time. Apart from the user, it is also the responsibility of the Internet or cloud application vendor to help users select a safe and hard-to-crack password (at least 8 characters long, mixing letters, numbers and special characters). Sadly, the majority of online services allow simple and short passwords. That means an attacker can take over many user accounts by guessing passwords online, without ever compromising the cloud application or gaining access to the password hashes.


Image from http://www.teachthought.com


The National Security Agency (NSA) has been in the news lately for invading the privacy of US citizens by collecting massive amounts of digital data. A recent report states that the NSA has also asked Internet providers and websites to hand over user passwords. As CNET put it, "the passwords would enable federal agencies to peruse confidential correspondence or even impersonate the user". The NSA has asked companies like AOL, Facebook, Verizon and Yahoo to hand over user passwords, but these companies have turned down the demand, saying it would affect the privacy and confidentiality of their customers. Along with the passwords, the NSA has also asked for the encryption keys and salts (a salt is a random string combined with each password before it is hashed, so that identical passwords produce different hashes and precomputed cracking tables become useless). It is still unclear whether the NSA is targeting specific individuals or conducting mass data collection. Whatever it is, it certainly poses a major risk to the privacy and security of our data on the Internet.
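The two paragraphs above talk about password hashes and salts without showing what a service actually stores. As an added example (not code from this post or from SpiderOak), the script below stores a password as a random salt plus a slow, iterated hash, verifies a login against that record, and shows why a precomputed table of unsalted hashes stops working once salts are in use. The PBKDF2 parameters and the short list of common passwords are assumptions constructed for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Any, Dict, Iterable, Optional

# Assumed parameters (not taken from the article): PBKDF2-HMAC-SHA256 with a
# 16-byte random salt and 100,000 iterations per hash.
ITERATIONS = 100_000
SALT_BYTES = 16

# Constructed stand-in for the kind of wordlist a guessing attack would use.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "abc123"]


def unsalted_sha256(password: str) -> str:
    """Plain hash, no salt: the same password always yields the same digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Dict[str, Any]:
    """Produce the record a service would store: salt, iteration count and hash."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify_password(password: str, record: Dict[str, Any]) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def build_lookup_table(words: Iterable[str]) -> Dict[str, str]:
    """Precomputed digest -> password table; only useful against unsalted hashes."""
    return {unsalted_sha256(w): w for w in words}


def lookup(stored_hash: str, table: Dict[str, str]) -> Optional[str]:
    """Reverse a stored hash through the precomputed table, if it is there."""
    return table.get(stored_hash)


def salting_demo() -> Dict[str, bool]:
    """Two users who chose the same weak password; compare what the stored records reveal."""
    table = build_lookup_table(COMMON_PASSWORDS)
    user_a = hash_password("123456")
    user_b = hash_password("123456")
    return {
        # Unsalted: identical passwords give identical hashes, and the table maps the hash straight back.
        "unsalted_identical": unsalted_sha256("123456") == unsalted_sha256("123456"),
        "unsalted_in_table": lookup(unsalted_sha256("123456"), table) == "123456",
        # Salted: different salts hide that both users share a password, and the table no longer matches.
        "salted_identical": user_a["hash"] == user_b["hash"],
        "salted_in_table": lookup(user_a["hash"], table) is not None,
        # The legitimate login path still works, and a near miss is rejected.
        "login_ok": verify_password("123456", user_a),
        "wrong_password_rejected": not verify_password("12345", user_a),
    }


if __name__ == "__main__":
    for key, value in salting_demo().items():
        print(f"{key}: {value}")
```

Note what the salt does and does not buy: it stops the attacker from reusing one precomputed table against every account, but a password like "123456" still falls to a handful of direct guesses, which is the article's point that strong hashing cannot rescue a weak password.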

How can you protect your passwords in the cloud?

  • You can make password cracking impractical by using long and complex passwords (at least 8 characters long, combining letters, numbers and special characters). Two common cracking methods are the "brute force attack", in which the attacker tries every possible combination of characters, and the "dictionary attack", in which the attacker tries a list of known and commonly used passwords. A long, complex password defeats the first by making the search space enormous and the second by not appearing on any such list.
  • Do not use the same password for multiple services. Use at least four to five different passwords to keep a single leak from compromising everything. For example, if you use the same password for your email, bank account and social media, then once one of those accounts is compromised the hacker can easily get into the other services as well.
  • Update your passwords frequently. To keep a password safe, change it every few weeks or months; the more often you do it, the better.
  • If you do not trust yourself to come up with a strong, hard-to-crack password, you can use a third-party application to generate one for you, and manage and encrypt your passwords with its password management software. Some of the best-rated password managers are 1Password, LastPass, Clipperz and RoboForm.



Image from https://agilebits.com/


  • Never log in to important accounts over plain HTTP or FTP connections. A network protocol analyzer such as Wireshark can capture the username and password sent in cleartext over HTTP or FTP, so the password can be sniffed with very little effort. Always use HTTPS and SFTP connections, because they are encrypted.
  • Never let your browser (IE, Chrome or Safari) save your passwords. A password saved in the web browser can be recovered with a simple script in a single click.
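The first bullet above gives a rule of thumb (8 characters, mixed character classes) and names the two attacks it defends against. As an added example, not part of the original post or of any SpiderOak product, here is a small checker a service could run at signup that applies that rule, estimates the brute-force search space from the character classes used, and runs a dictionary check that also catches passwords dressed up with digit-for-letter substitutions. The common-password list, the substitution map and the guessing rate are constructed assumptions.

```python
import math
import string
from typing import Dict, List

MIN_LENGTH = 8  # the article's minimum length

# Constructed sample of commonly guessed passwords, standing in for a real attack wordlist.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "abc123", "iloveyou"}

# Assumed substitution map so that "Pa$$w0rd" is recognised as a dressed-up "password".
LEET_SUBSTITUTIONS = str.maketrans(
    {"$": "s", "0": "o", "4": "a", "3": "e", "1": "i", "@": "a", "!": "i"}
)

# Assumed offline guessing rate, used only to turn the search space into a time estimate.
ASSUMED_GUESSES_PER_SECOND = 1e10

CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "special": len(string.punctuation)}


def character_classes(password: str) -> Dict[str, bool]:
    """Which of the four character classes the password draws from."""
    return {
        "lower": any(c in string.ascii_lowercase for c in password),
        "upper": any(c in string.ascii_uppercase for c in password),
        "digit": any(c in string.digits for c in password),
        "special": any(c in string.punctuation for c in password),
    }


def brute_force_keyspace(password: str) -> int:
    """Candidates an exhaustive search over the password's character classes must cover."""
    classes = character_classes(password)
    alphabet = sum(size for name, size in CLASS_SIZES.items() if classes[name])
    return alphabet ** len(password) if alphabet else 0


def in_dictionary(password: str) -> bool:
    """Dictionary check: the password as typed, and with common letter substitutions undone."""
    lowered = password.lower()
    return lowered in COMMON_PASSWORDS or lowered.translate(LEET_SUBSTITUTIONS) in COMMON_PASSWORDS


def assess_password(password: str) -> Dict[str, object]:
    """Apply the article's composition rule plus a dictionary check; report the brute-force cost."""
    classes = character_classes(password)
    problems: List[str] = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not (classes["lower"] or classes["upper"]):
        problems.append("contains no letters")
    if not classes["digit"]:
        problems.append("contains no digits")
    if not classes["special"]:
        problems.append("contains no special characters")
    if in_dictionary(password):
        problems.append("matches a common-password list entry, so a dictionary attack finds it immediately")
    keyspace = brute_force_keyspace(password)
    seconds = keyspace / ASSUMED_GUESSES_PER_SECOND
    return {
        "acceptable": not problems,
        "problems": problems,
        "keyspace_bits": round(math.log2(keyspace), 1) if keyspace else 0.0,
        "brute_force_years": seconds / (365 * 24 * 3600),
    }


if __name__ == "__main__":
    for candidate in ["123456", "Pa$$w0rd", "Correct-Horse7!"]:
        print(candidate, assess_password(candidate))
```

The dressed-up case is the one worth noticing: "Pa$$w0rd" satisfies the length and character-class rule, yet the dictionary check still rejects it, which is why a composition rule alone is not enough and a blocklist belongs beside it.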

SpiderOak keeps your data safe

Users sometimes find that selecting a truly protected third party cloud service can be a challenge as most “secure” services on the market have glaring security gaps that leave their sensitive data wide open to third party attacks, leaks, and hacking. One rapidly expanding cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

Interested in SpiderOak Products?

SpiderOak carved its niche as the top choice for those most concerned with privacy.

The engineering goal was simple – devise a plan where users’ files, filenames, file types, folders, and/or any other personal information are never exposed to anyone for any reason (even under government subpoena). This describes SpiderOak’s ‘zero-knowledge’ privacy environment.
SpiderOak offers products like SpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. SpiderOak Hive keeps all your files in sync across your computer and mobile devices. Here the end user owns the data and is the only one holding the keys to unlock and view the plaintext. You can sign up for this product at

SpiderOak Blue works seamlessly in your enterprise environment. To handle authentication it deploys a virtual appliance that resides behind your firewall and integrates with Active Directory / LDAP for single sign-on. SpiderOak Blue is compatible with Mac, Windows, Linux, iOS and Android. SpiderOak Blue is now available through a limited release. We have been working with several large enterprises through the beta period and will continue towards general release. If you're curious about the product, please send an email to blueinfo@spideroak.com and we will get back to you soon.
