Secure your digital self: auditing your cloud identity

We put more and more of ourselves in the cloud every day. E-mail, device settings, data synchronization between devices, and access to much of our digital selves is tied to a handful of cloud service accounts with Google, Apple, Microsoft, Dropbox, and others. As demonstrated dramatically over the last week, those accounts are easily put at risk if they’re too interconnected—especially since the weakest link in cloud security may be the employees of the providers themselves.

That’s what happened with Wired’s Mat Honan this weekend, when a hacker was apparently able to convince Apple technical support that he was Honan and reset Honan’s iCloud account password. That bit of social engineering allowed hackers to then get access to Honan’s Gmail and Twitter accounts, as well as his access to Gizmodo's Twitter account. He also lost control over his iOS-based devices and was even locked out of his personal computer.

Honan’s experience and the recent security breach at Dropbox are just the most recent examples of what can happen when our digital identities are too closely entwined. While you can’t make your cloud providers more secure, there are things you can do to make yourself less vulnerable to these kinds of hacks, or at least to limit the damage that can be done if one is exposed. Here’s how to do a self-audit of your identity in the cloud to find and fix potential problems.