We put more and more of ourselves in the cloud every day. E-mail, device settings, data synchronization between devices, and access to much of our digital selves are tied to a handful of cloud service accounts with Google, Apple, Microsoft, Dropbox, and others. As demonstrated dramatically over the last week, those accounts are easily put at risk if they’re too interconnected—especially since the weakest link in cloud security may be the employees of the providers themselves.

That’s what happened with Wired’s Mat Honan this weekend, when a hacker was apparently able to convince Apple technical support that he was Honan and reset Honan’s iCloud account password. That bit of social engineering allowed hackers to then get access to Honan’s Gmail and Twitter accounts, as well as his access to Gizmodo's Twitter account. He also lost control over his iOS-based devices and was even locked out of his personal computer.

Honan’s experience and the recent security breach at Dropbox are just the most recent examples of what can happen when our digital identities are too closely entwined. While you can’t make your cloud providers more secure, there are things you can do to make yourself less vulnerable to these kinds of hacks, or at least to limit the damage that can be done if one is exposed. Here’s how to do a self-audit of your identity in the cloud to find and fix potential problems.

Cloud account best practices

The first step is to determine how securely you've configured your cloud service accounts—and how much interdependency they have. The best passwords in the world won't help if your accounts are too heavily connected and the exposure of just one of them, by a server hack or social engineering, lets a hacker or fraudster bypass the password.

Do you use strong passwords, and change them regularly? While passwords won’t stop an attacker who has exploited other means to gain access to your account, a strong password can at least protect you from a direct breach.

Do you share access to your cloud services with other people, such as family members or friends? If you have devices that belong to your kids set up with your credentials for reasons like sharing an app or music, you’re also creating an opportunity for that data to get stolen—or shared by them with friends. Set up individual accounts for each person in the family on devices to prevent accidental exposure of your own personal data.

Do you use the same e-mail address and password as your credentials for more than one service? If your password gets exposed by one service—as it did with some Dropbox users last month—and you’ve used the same information in multiple places, you could be a target for a broader hack. Many sites and services require you to use an e-mail address as a user name. Make sure you vary the credentials you use, selecting a different user name or e-mail account for each to avoid a one-shot exposure. If you don't want to create an e-mail address specific to each service, at least use randomly generated passwords that are at least nine characters long.

Do you use two-factor authentication? Some cloud services now provide a second level of authentication before you sign in or make changes to the account, often by sending a code via text message to your phone. This feature adds another step to authentication, and is often used to double-check security when you log in from an unfamiliar machine. Microsoft, for example, has added two-factor authentication to its cloud services for Windows 8 when adding new "trusted computers" to the account or making other changes. Google provides two-factor authentication for Google Apps accounts as an option for additional security, and Dropbox is now adding the capability.

Do you use the same credentials for iCloud and iTunes? One potential problem that users of Apple’s iCloud and other services can easily fall into is the overuse of a single account across the services used on their devices—for example, using the same Apple ID for both iCloud and the iTunes store. The iTunes store links your credit card data to your Apple ID for music and application purchases, as well as in-app purchases. It stores your contact information and address as well. So it’s a potential source of even bigger headaches if it’s exposed along with your iCloud account.

Do you use the same cloud-based e-mail account as your password recovery contact address for more than one service? If you use a single account as your alternate contact point for all your services, and that one gets exploited, the others don’t need to be hacked to be taken over. The attacker can simply reset passwords on accounts and take them over, getting access to everything in them.

Do you have multiple webmail accounts connected into a single mailbox? For example, does your Google account retrieve your e-mail for your Apple iCloud, Microsoft Live, or other cloud services account? Again, this creates a single point of failure, and can provide an attacker with enough information about your other accounts to potentially take them over.
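The interdependency questions above (shared credentials, a common recovery address, one mailbox collecting mail from others) can be audited as a graph. The following Python sketch is an added example, not part of the original article: the account names and links are constructed, and it assumes a simple model in which taking over an account exposes every account that sends its reset mail there, every mailbox it fetches, and every account reusing its password.

```python
from collections import deque

# Constructed inventory for illustration; every name and link is made up.
# recovery: mailbox that receives this account's password-reset mail
# fetches:  other mailboxes whose mail this account pulls in
# pw_group: accounts sharing a label reuse the same login and password
ACCOUNTS = {
    "gmail":   {"recovery": "icloud", "fetches": ["live"], "pw_group": "a"},
    "icloud":  {"recovery": None,     "fetches": [],       "pw_group": "b"},
    "live":    {"recovery": "gmail",  "fetches": [],       "pw_group": "c"},
    "twitter": {"recovery": "gmail",  "fetches": [],       "pw_group": "d"},
    "dropbox": {"recovery": "live",   "fetches": [],       "pw_group": "e"},
    "forum":   {"recovery": "backup", "fetches": [],       "pw_group": "e"},
    "backup":  {"recovery": None,     "fetches": [],       "pw_group": "f"},
}

def exposure_edges(accounts):
    """Map each account to the accounts directly exposed if it is taken over."""
    edges = {name: set() for name in accounts}
    for name, info in accounts.items():
        if info["recovery"] in accounts:
            edges[info["recovery"]].add(name)      # reset mail lands there
        edges[name].update(f for f in info["fetches"] if f in accounts)
        for other, o in accounts.items():
            if other != name and o["pw_group"] == info["pw_group"]:
                edges[name].add(other)             # reused credentials
    return edges

def blast_radius(accounts, start):
    """Every account reachable from one compromised account (breadth-first)."""
    edges, seen, queue = exposure_edges(accounts), {start}, deque([start])
    while queue:
        for nxt in edges[queue.popleft()] - seen:
            seen.add(nxt)
            queue.append(nxt)
    return seen - {start}

def audit(accounts):
    """Accounts ranked by how many others fall with them, worst first."""
    radius = {a: blast_radius(accounts, a) for a in accounts}
    return sorted(radius.items(), key=lambda kv: (-len(kv[1]), kv[0]))

if __name__ == "__main__":
    for name, exposed in audit(ACCOUNTS):
        print(f"{name:8} -> {len(exposed)}: {', '.join(sorted(exposed)) or '-'}")
```

Accounts at the top of the ranking are the single points of failure; giving them a separate recovery address and a unique password shrinks the chain.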

How hard is it to guess or research your answer to your chosen security question? Depending on how determined someone is to take over your account, and how public your life is on the Internet, the security questions used to reset your account could be particularly vulnerable (the hacking of Sarah Palin’s Yahoo account is a prime example). If you’re using “mother’s maiden name” or some other personal biographical fact that could be found in a public records search, someone with time on their hands or an axe to grind could find the answer and exploit it to take over your account.

Local protection

Apple’s iCloud service can help you remotely lock and wipe your iOS devices, as well as your computer. Other services may have more limited access to local storage on devices, but they can be used by a hacker to do other damage—for example, by taking advantage of local synchronization to drop malicious files onto your devices.

Do you keep a local backup in addition to cloud backups? If you get locked out of your device, the only way to recover it may be through a re-install or factory reset of the operating system and a restore from a local backup.

Do you really need to reach back to that computer? Services like iCloud’s “Find my Phone” and “Find my Mac” should be configured selectively for devices. There’s no reason, for example, to have them enabled on a Mac Mini unless you’re particularly paranoid about it being stolen off your desktop. Turn the services on for devices when you’re travelling or otherwise have a higher risk of loss. As for cloud synchronization with other services, only turn it on when you need it—and have virus scanners checking your synced folders.