“Is password protection an inherently flawed security model? A hack into a Twitter employee’s Gmail provided access to a number of confidential Twitter docs housed in Google’s cloud. What does that say about cloud security? Information from the docs was leaked to the media and published on various outlets.” This may be a hard blow to those who have hopes in tossing sensitive data into the cloud.
Employee’s Email Hacked, Twitter Information Stolen
2009-07-17 Privacy, Security 6 Comments
It’s not as if the same couldn’t happen by gaining password access to an account on an in-house system.
Doesn’t matter if the password is for VPN access to your own network, or cloud data storage. If you use a crappy password or are reckless about keeping it private, bad stuff is going to happen.
And yes, password authentication sucks. Much prefer something like public key authentication.