The feature that syncs to Googel Drive is great. But I note that FFS always saves the Google password. This makes it possible for anyone who might have access to my computer to go through FFS and delete (or add) files on Google Drive. SInce I use Google Drive as a backup solution, this presents a security problem for me.
I know I can go into FFS and disconnect the account, but I would prefer a feature where FFS automatically disconnects from the Google account on completion of a sync and then, when beginning to do a sync to Google Drive, FFS requests the login information and permission for the Google account.
Security Feature Request
- Posts: 2
- Joined: 20 Jan 2019
-
- Posts: 2283
- Joined: 22 Aug 2012
Obviously, if you let others use your computer under your user account, the above will be the case.
Simply create separate accounts for separate users, or let other users use a guest account.
Simply create separate accounts for separate users, or let other users use a guest account.
- Posts: 2
- Joined: 20 Jan 2019
Hi Plerry,
Thank you for your reply. I do not let others use my computer. My concern is more if my computer is lost or stolen. Or compormised in some way.
With all the hacking and security breaches happening these days, I think in terms of how to keep my computer and data secure, even if the likelihood of a problem is quite small as in the case of FFS.
My feature suggestion would just simplify the process, especially if I might forget to go into FFS to disconnect my Google account.
Thank you for your reply. I do not let others use my computer. My concern is more if my computer is lost or stolen. Or compormised in some way.
With all the hacking and security breaches happening these days, I think in terms of how to keep my computer and data secure, even if the likelihood of a problem is quite small as in the case of FFS.
My feature suggestion would just simplify the process, especially if I might forget to go into FFS to disconnect my Google account.
- Posts: 13
- Joined: 23 Jan 2019
I'm not saying this isn't a decent feature to have, but if somebody has compromised your computer then they will have the files you are synchronizing to google anyways, as well as access to any saved passwords in your browsers. If they logged in as you, then they can log into your browser passwords as well.
- Posts: 4
- Joined: 24 Jan 2019
Well if your computer gets stolen or you lose it, the first step is to change all your passwords for all online accounts immediately.
Also, in your Google, FB, etc account you have the option to log out from all devices where you are currently logged in.
This means that your laptop, phone etc will be logged out of your accounts.
If you also change your password then there would be no way for whoever has your device now to log in again because all passwords that you saved in your browser are now invalid.
Of course, you will need to do this very quickly after your device is stolen/lost, before whoever has it is able to go in and take control of your accounts by changing the recovery e-mail address or the phone number and then changing the password for themselves.
Rather than google drive I would recommend a NAS for backup. You can set up a VPN on your router and access your nas even from your laptop or phone as if you were home on your own network. This means that your backup jobs will work on all your devices, even when you are not at home.
Do not set up public access on your NAS directly as depending on the brand etc, some of them are not that secure if you enable public access. Just go with a decent router with good security and set up the VPN from there.
Your own vpn will also help you stay secure when you are on the go. For example, ASUS routers will let you setup an OpenVPN connection to them (encrypted of course). You just set up your user/password then you get a .ovpn file which you can then use in your OpenVPN client on your laptop or phone.
And there's no extra cost for this of course, as long as your router at home has power and internet, you'll have your own VPN wherever you go. Other router brands also allow OpenVPN connections, just make sure you get one with good security features.
Also, in your Google, FB, etc account you have the option to log out from all devices where you are currently logged in.
This means that your laptop, phone etc will be logged out of your accounts.
If you also change your password then there would be no way for whoever has your device now to log in again because all passwords that you saved in your browser are now invalid.
Of course, you will need to do this very quickly after your device is stolen/lost, before whoever has it is able to go in and take control of your accounts by changing the recovery e-mail address or the phone number and then changing the password for themselves.
Rather than google drive I would recommend a NAS for backup. You can set up a VPN on your router and access your nas even from your laptop or phone as if you were home on your own network. This means that your backup jobs will work on all your devices, even when you are not at home.
Do not set up public access on your NAS directly as depending on the brand etc, some of them are not that secure if you enable public access. Just go with a decent router with good security and set up the VPN from there.
Your own vpn will also help you stay secure when you are on the go. For example, ASUS routers will let you setup an OpenVPN connection to them (encrypted of course). You just set up your user/password then you get a .ovpn file which you can then use in your OpenVPN client on your laptop or phone.
And there's no extra cost for this of course, as long as your router at home has power and internet, you'll have your own VPN wherever you go. Other router brands also allow OpenVPN connections, just make sure you get one with good security features.
