Three Ways to Protect Your Data in the Cloud
Chinese-language edition: 財富中文網. Translator: 馮豐. Reviewer: 夏林.
For consumers, the cloud is a big blessing: It lets them store huge amounts of information—music, messages, photos and so on—at little or no cost. Thanks to a wide array of services, it’s possible to squirrel away as much digital data as you like without buying extra equipment like hard drives or memory sticks.

The cloud, in this sense, is like a big free storage locker—but one that poses a special security danger. Unlike a physical file cabinet, data stored in the cloud can be at risk of being stolen by cyber-criminals around the world. And if the crooks do strike, they are likely to get hold of an enormous amount of information.

The most common way crooks get into cloud services is by getting a consumer’s password and letting themselves into the account. They can do this by hacking a cloud company’s database, tricking a consumer into revealing it (often using an email that purports to be from the company) or simply guessing it—many consumers today still use easy-to-guess passwords like “123456” or “password.” Meanwhile, consumers may re-use passwords, which can lead to a series of additional digital break-ins.

“Given our ever-growing online presence, consumers may be tempted to use the same password across multiple websites,” says Megan Stifle, cybersecurity policy director at consumer advocate group Public Knowledge. “This leaves consumers very vulnerable. If the password is compromised at one site, e.g., at their email account, the [hacker] will try the same password and simple variations of it at the most valuable sites in the user’s inbox.”

Fortunately, cloud companies are paying a lot of attention to the problem of cloud security. Many are offering consumers easy-to-use options to lock down their data. Right now, there are three good options, and all of them involve asking for an extra piece of information when someone tries to log in from an unfamiliar computer.

The first extra-security option comes in the form of a simple text message, and companies like Google and Microsoft have been offering it for a while. It involves sending a code to a consumer’s cellphone, and asking them to enter it along with their password.

While this system is a good one, it can be breached by really determined crooks who can trick cell companies into rerouting the text message to their phone. That’s why some users turn to other solutions to enhance their cloud security.

The second method relies on apps and is offered by firms like Duo and Authy. These apps offer an ever-changing series of numbers that serve as the extra step to go along with a consumer’s password. The app method is slightly more convenient because the user doesn’t have to wait for a text message, and crooks can’t compromise it by going through the phone company.

The third method to secure cloud data doesn’t involve your phone but instead requires consumers to insert a tiny key into their computer. The most popular such device, known as a “YubiKey,” is made by a firm called Yubico and costs as little as $19. It works with popular services like Facebook and Dropbox.

The key method is extra-secure since it requires a user to prove they have a physical object before they can log in from a strange computer—something that would be nearly impossible for a hacker to do. The key method can also be quicker since it doesn’t involve entering a code delivered to a phone.

“Think of it this way. You have a key to your car, to your house, and this serves as a physical key to your online identity,” says Jerrod Chong, vice president of solutions at Yubico. “Extracting the secrets from your physical YubiKey is significantly more difficult than a phone app on your phone.”

All three methods are easy to use. For most consumers, the biggest step is instructing the different cloud computer companies they use—Google, Microsoft and so on—that they want to implement them. This involves going into the security settings and adding the extra defense measure, which is often described as “two-factor authentication.” (Often the quickest way to find this setting is by searching the web for something like “Dropbox two-factor.”)

The bottom line, though, is that consumers are increasingly putting their most valuable information in the cloud, including their documents and their photo memories. As they do so, it’s becoming more critical than ever to add extra security.

This article originally appeared in Time.com.