I recently wrote a piece for an evolving collection on bad ideas in writing about the concept of the digital native. It bugs me– and not just because of the politics of the word native, though that certainly plays into it. I hate the idea because it’s simply untrue (and research proves that– I’m not going to dump a bunch of APA citations into a blog post, but I have ’em on request from the chapter-type-thing I worked on). And every day I see examples of it. People who grew up in the digital age are not somehow magically smarter with technology.
One of my favorite examples of this popped up on my Facebook wall today. I won’t call out the specific person as this person might be embarrassed, but the person isn’t alone in this mistake. There’s one thing I see more often than any other “sin” of the internet era: storing secure information on the cloud under the impression it is safe (or, as I sometimes call it, ignoring the fappening).
Many of my peers love things like DropBox, Google Drive, Google Docs, etc. Make no mistake, these are useful tools (Google Docs are a godsend for collaboration), but I also think there’s a little bit of a misunderstanding of how the cloud works or at the very least a strange trust of how the cloud functions that ignores the lack of security. The cloud– and sorry to those who feel like I’m explaining simple things here– is literally a cluster of servers that share data. It’s not a specific place. There isn’t a “cloud” room where all the stuff we put on cloud sits safely. By its very nature information in the cloud is exposed and communal. No one is adding protection to the cloud.
What this means, in the most simple sense, is that if you put, say, your passwords, or your credit card info, or your bank account numbers and logins, in a Google Doc, on your Dropbox, etc. those things exist in numerous places at once. And unlike something that is powerfully encrypted, most of those spaces sit behind a single password. And if you work for a university, like myself, where your university accounts are linked to Google, all of your Google drive and docs and sheets and calendar and everything else is protected by a single password that you, by necessity, use on public machines frequently.
Here’s a way to think about hackers that will probably alarm you, but if you want to be realistic, this is how your data is protected. Let’s say your cloud data is a basketball. You bounce pass it to me. I bounce pass it back. We do this all the time (perhaps across a university network, to your office, to your home, etc.). If I pass you ball, it should get to you (password encryption), but if I pass you the ball the same way all the time in the same spaces, a person could walk in between us and intercept the pass (a hacker). Brute force attacks can yield access to an account, but much more likely is someone will sit down at a machine you didn’t completely log out of, will key log you, or you’ll forget and let a public machine save your password. I see it frequently teaching in a computer lab.
Now losing a single password isn’t usually the end of the world. Most places that handle anything sensitive have a second step of authentication, and resetting a password is easy. But once a person gets a single password, they have a key to something that is yours.
You wouldn’t hand someone you didn’t want looking around in your house the key to your front door. They could rummage through all your things. And if you have critical information on the cloud behind one password, that’s the sort of invitation you’re making. Passwords and such work because they protect various spaces. If someone can guess (or steal) one of them and get all your other passwords and information, that’s not good.
A tl;dr: if you can’t remember all your passwords, your credit card numbers, bank pins, etc. either get yourself a highly encrypted app to save the info (still not super smart) or write them down in a physical thing you can protect (better, but still risky). Putting all of your information in one place on the network is inviting disaster.