Since the famous Box & Dropbox file leak, user safety has become one of the hottest topics on the entire web again.
For those who are not familiar with what I’m writing about: on May 5th, 2014, a major vulnerability was discovered on the above-mentioned platforms.
Due to poor security updates, privately shared files were allowed to be read by third parties.
While doing their standard AdWords and Analytics analysis, the guys at Intralinks discovered that by clicking on specific links, they gained access to some pretty sensitive files from their competitors, like tax refunds, bank records, business plans – all serious information that Box and Dropbox promised to keep protected.
After this disturbing privacy problem became public and business owners of various kinds started to question cloud-based solutions for distributing their company information, Dropbox responded quickly with a blog post saying that they had fixed all privacy issues and disabled all the troubled links, which, if I may comment, isn’t an ideal end for this case.
This kind of major mistake unintentionally affected all other cloud services and gave them additional work in proving that their systems are far more solid than their competitors.
This is just one case out of many showing that we quickly need to implement new and advanced security measures.
One of the biggest problems in protecting data is that the vast majority of people tend to value convenience over security.
Properly securing your information online is no easy task. This kind of thing requires constant effort and willingness to follow up on boring procedures that eventually tend to take a lot of your time.
Sure, you don’t HAVE TO use advanced protection services, but they’re highly recommended because, think about it in this way – you live in a bad neighborhood, and you should get a guard dog if you want to feel safe. Having a fence just isn’t enough.
According to Kaspersky Labs, a bizarre number of 1.131.000.866 malicious attacks on computers and mobile devices was registered in the first quarter of 2014.
I don’t know about you, but in my mind, these are some seriously scary numbers.
In an attempt to improve their security and ensure you as a user that you don’t need to worry about your data being abused or stolen, Google has released a 2-step verification system with an additional security key, to give you that extra layer of protection for your Google Accounts.
So, how does this 2-step verification system work?
Once enabled, you’re asked for a verification code from your phone in addition to your password, to prove that it’s really you signing in from an unfamiliar device.
According to the guys at Google, hackers usually work from afar, so this second factor makes it much harder for a hacker who has your password to access your account, since they don’t have your phone.
For those who are hypersensitive when it comes to securing their data, Google has created a special “Security Key”, to give them that extra step in blocking potential malicious activity.
The Security Key is a physical USB device, and it’s basically a second factor that only works after verifying that the login site is truly a Google website, not a fake one that’s just pretending to be Google.
Rather than typing a code, you just insert your Security Key into your computer’s USB port and tap it.
When you sign into your Google Account using Chrome and Security Key, the guys at Google say that you can rest with ease, knowing that the cryptographic signature cannot be phished.
Google’s 2-step security system has incorporated the U2F standard into its service. U2F is a product of the FIDO Alliance, an industry consortium that’s been working to come up with specifications that support a range of more robust authentication technologies, including biometric identifiers and USB security tokens.
According to Google engineers, the Security Key is far more efficient than their previous 2-step authorization plan, because it uses cryptography instead of verification codes and it automatically works only with the website it’s supposed to work with.
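The origin check described above, as an added example (not Google's or the FIDO Alliance's code): a simplified U2F-style exchange in Node.js showing why a signature made on a look-alike site is rejected by the real one. The origins, class and function names are constructed for illustration, and the user-presence byte and counter of real U2F are left out.

```javascript
const nodeCrypto = require('node:crypto');
const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest();
// Bytes the key signs: hash of the site identity plus hash of the browser's client data.
const signedBytes = (appId, clientData) => Buffer.concat([sha256(appId), sha256(clientData)]);

// Simplified Security Key: one P-256 key pair per site (appId) it was registered with.
class SecurityKey {
  constructor() { this.keys = new Map(); }
  register(appId) {
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    this.keys.set(appId, privateKey);
    return publicKey; // the site stores only the public key
  }
  sign(appId, clientData) {
    const priv = this.keys.get(appId);
    return priv ? nodeCrypto.sign('sha256', signedBytes(appId, clientData), priv) : null;
  }
}

// Browser side: the origin is the one actually loaded, not a value the page's script supplies.
function browserSign(key, pageOrigin, challenge) {
  const clientData = JSON.stringify({ challenge, origin: pageOrigin });
  return { clientData, signature: key.sign(pageOrigin, clientData) };
}

// Server side: check the challenge, then the origin, then the signature over both.
function serverVerify(publicKey, origin, challenge, resp) {
  if (!resp.signature) return 'no-signature';
  const cd = JSON.parse(resp.clientData);
  if (cd.challenge !== challenge) return 'wrong-challenge';
  if (cd.origin !== origin) return 'wrong-origin';
  const ok = nodeCrypto.verify('sha256', signedBytes(origin, resp.clientData), publicKey, resp.signature);
  return ok ? 'ok' : 'bad-signature';
}

function runScenarios() {
  const SITE = 'https://accounts.example';              // constructed origin
  const LOOKALIKE = 'https://accounts.example.invalid'; // constructed look-alike origin
  const key = new SecurityKey();
  const pub = key.register(SITE);
  const challenge = nodeCrypto.randomBytes(16).toString('hex');
  const genuine = browserSign(key, SITE, challenge);
  const unregistered = browserSign(key, LOOKALIKE, challenge); // key holds nothing for this origin
  key.register(LOOKALIKE);
  const relayed = browserSign(key, LOOKALIKE, challenge);      // signed, but bound to the wrong origin
  const rewritten = { ...relayed, clientData: genuine.clientData }; // client data swapped after signing
  return [genuine, unregistered, relayed, rewritten].map((r) => serverVerify(pub, SITE, challenge, r));
}
```

Only the response produced on the registered origin verifies; a typed verification code carries no such binding, which is the difference the paragraph above points to.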
What are the limitations?
The people from Google tried their best to produce a flawless security system, and I think they came pretty close.
Google’s 2-step verification system really protects you against bad passwords and offline phishing.
It’s a solid solution for those who are interested in going that extra mile to ensure the safety of their data. The only downside of using this system is that it doesn’t work for mobile-only users, because it requires a USB port.
Also, I have to add, it only works for Google properties on Chrome.
A lot of people, especially commuters, use their phones for more than just social media and pointless browsing. There is a huge market there for advanced security and encryption services. Reading tons of articles about the new iPhone 6 and all its features, it occurs to me that Google should put more focus on using NFC technology, instead of physical authentication tools.
Instead of forcing on us a USB device that could turn out to be a problem if the stick itself or the port we’re trying to put it in isn’t working right, we could use this kind of wireless solution and allow ourselves the luxury of securely interacting with all the objects in our close surroundings with just one tap.
Wouldn’t that be great? I sure hope that someone at Google comes up with the same idea and decides to sell it to the right people at his company. If done right, this idea could be the next big thing.
What do you think?