Sidebar 8-2 shows that personal biographical information—addresses, phone numbers, email addresses, credit card numbers, and so on—not only can be used by attackers to hijack accounts but also can be collected from one hijacked account to help an attacker gain access to the next. How can you protect yourself against this kind of attack? What can cloud providers change to mitigate such attacks?

What will be an ideal response?

Some
ways
to
protect
oneself
are
to
use
fake
or
disposable
information
whenever
possible;
limit
the
providers
you
share
information
with;
limit,
to
the
extent
possible,
the
overlapping
information
between
accounts.
Cloud
providers
can
stop
asking
users
for
any
information
they
don't
strictly
need.
They
can
also
use
other
mechanisms
to
verify
users
that
are
more
difficult
for
attackers
to
learn,
guess,
or
steal,
such
as
ones
that
prove
your
identity
more
directly
(e.g.,
showing
a
valid
driver's
license
to
a
trusted
party).