The 2014 celebrity nude photo leak brought to light vulnerabilities in Apple’s iCloud security. But hackers are not just after naughty photos in the cloud: sensitive information like personnel records, valuable intellectual property, customer bank records and other confidential data could be at risk.
Here, we look at how SMS two-factor authentication helps to strengthen cloud security.
The convenience of being able to access files in the cloud from anywhere, at any time, must be one of the greatest internet advances of the 21st century. Being hard drive-free has seen millions of users sign up to cloud services such as Google Drive, Dropbox, OneDrive, Netflix and Flickr.
The mistake that many big corporates make is to put their main focus on protecting their users’ wallets but not their login information. In the case of Apple, it only required two-factor authentication for making purchases or changing account preferences. Now, however, it will be building two-factor authentication directly into the new iOS 9 and OS X El Capitan (you can find out more about this additional cloud security here).
Unsurprisingly, the stronger you encourage your users to make their passwords, the greater the chance they’ll forget it. And when a user turns to password recovery, hackers strike, easily cracking a mother’s maiden name or a nickname.
Using Apple ‘create account page’, fraudsters can play around with different email addresses to see if one is in use. If they find an existing email, they go through a weak ‘forget password’ process with a security question and boom – once they’ve guessed what a pet’s name is, they are into iCloud photos or a company’s sensitive Dropbox documents.
Chilling as the above example is, see it as an encouragement to find a better password recovery process than a security question. Another reason to make two-factor authentication a standard feature is the fact that users are very likely to access cloud services from several devices: computer, smartphone, tablet and/or internet TV, to name a few. If any of these are compromised, the cloud is compromised.
SMS two-factor authentication is a strong, popular method of verifying a user’s identity. Why? Well, most users are glued to their phones 24/7. Having to enter a one-time PIN (OTP) sent via SMS is not too disruptive to the user experience – whether someone is accessing their cloud storage via a desktop or mobile app. Phone verification is easy to implement – simply ask for a mobile number at sign-up, explaining that it will only be used for verification purposes (and stick to that!). Phone numbers are difficult to fake and users usually keep one phone number for many years.
Ready to add a stronger level of protection to your cloud service? Then take a look at Clickatell’s Wordpress plugin, on GitHub. It comes with simple instructions on how to add two-factor authentication to your WordPress site. You can also read how two-factor authentication can improve app security and why an SMS one-time PIN (OTP) is the easy, cost-effective layer of security to add.
SMS and two-way channels, automation, call center integration, payments - do it all with Clickatell's Chat Commerce platform.