Monday, October 17, 2011

Getting hacked was only the beginning

Here's a great article about what happens when someone malicious takes control of your Gmail account. It's by the person that knows best: the person who got burned. Without spoiling it, they were in a world of hurt. Go read it.

One way that this whole thing could have been avoided was turning on two-factor authentication, "something you know plus something you have". The basic idea is that you don't just have a password, you also have some randomly rotating key that is attached to a physical device in your possession. For something like a corporate network, it's a little keychain that looks like the readout at the top of a solar calculator, with 6 numbers that change every 30 seconds. You type in your password with the 6 numbers at the end.

For Gmail, it requires that every time you log in to Gmail using a new device, and once per month after that, you have to type in the 6 digit code that they SMS to your cell phone. If you have to pay for texts this might not be the best. You can also print out backup one-time use numbers that will work as codes. Do this if you want to feel like a spy.

The great thing about two-factor authentication is that even if somebody knows your password, their ability to guess random numbers you have no control over is limited. For well designed systems like Gmail, they won't be allowed to try your password plus all million random numbers they need to enter to get into your account. Instead, after a small number of failures, they'll get locked out.

Another way most of this could have been avoided is using a program like Thunderbird to download all your mail to a local backup. You still might lose control of your account, but you won't lose years of your personal lifestream.

Without putting too fine a point on it, I'm proud of the way my company, Amazon, puts the customer first. Like good design, security, and scalability, you can't bolt on the customer service after the fact. Getting there might be painful for Google.

Lastly, I think this is not the last wake up call for personal data. Over the past several years, like all of you, I have outsourced some personal data to big corporations who may not be aligned with my interests. I've thought twice about how to own my own data and send it out to everyone. I think I'm settling on Blogger plus RSS to Google+ and Facebook. Eventually I'll host my own blog and email, as soon as I can think of a killer domain name (not surprisingly, most variations of are already taken). That's just the first step toward decentralizing the big sprawls these social networks have become.

1 comment:

Randy said...

I love two-factor authentication on gmail. As soon as I heard that Google was going to implement it, I started trying to sign up every day until it was finally released. Excellent point!

Not to put too fine a point on it, but as a customer, I really dislike the fact that will not allow me to "delete" stored credit card numbers or set my preference to not store my credit card numbers that I use for purchases. I use "ShopSafe" to generate a new number for each online purchase, with a spending limit on each number equal to the amount of that purchase, just so that in case someone manages to steal the credit card numbers stored in the databases of online retailers, they cannot charge any more against my credit card, and I don't have to go through the pain of cancelling and re-issuing cards.