How to outsource your online security with 1Password, Authy, and Privacy.com

Take some work off your plate while beefing up security with three changes you can make today.

Unstable times are insecure times, and we’ve already got enough going on to deal with. When humans are busy and under stress, we tend to get lax in less-obviously-pressing areas, like the security of our online accounts.

These areas only become an obvious problem when it’s too late for prevention. Thankfully, most of the work necessary to keep up our cybersecurity measures can be outsourced.

Implementing proper cybersecurity measures can be fiddly, and I especially dislike fiddling with things that I could avoid fiddling with.

These fiddly things include resetting forgotten passwords, transferring multifactor authentication (MFA) codes when I change devices, and dealing with the fallout of compromised payment details in the event one of my accounts is still breached.

Here are three changes I’ve made that significantly reduce the chances of needing to fiddle with any of these things again. You can too.

1Password

I’ve historically avoided password managers because of an irrational knee-jerk reaction to putting all my eggs in one basket.

You know what’s great for irrational reactions? Education. To figure out if putting all my passwords into a password manager is more secure than not using one, I set out to see what some smart people wrote about it.

First, we need to know a thing or two about passwords. Troy Hunt figured out almost a decade ago that trying to remember strong passwords doesn’t work. In more recent times, Alex Weinert expanded on this in Your Pa$$word doesn’t matter.

TL;DR: our brains aren’t better at passwords than computers, and please use MFA.

So passwords don’t matter, but complicated passwords are still better than memorable and guessable ones.

Since I’ve next to no hope of remembering a dozen variations of p/q2-q4! (I’m not a chess player), this is a task I can outsource to 1Password. I’ll still need to remember one, long, complicated master password - 1Password uses this to encrypt my data, so I really can’t lose it - but I can handle just one.

Using 1Password specifically has another, decidedly obvious, advantage. I chose 1Password because of their Watchtower feature. Thanks to Troy Hunt’s Have I Been Pwned, Watchtower will alert you if any of your passwords show up in a breach so you can change them. Passwords still don’t completely work, but this is probably the best band-aid there is.
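
A breach check of this kind does not require sending the password anywhere: the Have I Been Pwned "Pwned Passwords" range lookup takes only the first five hex characters of the password's SHA-1 hash and returns every known suffix under that prefix, and the match is made locally. The following is an added example, not code from 1Password or from the original article; the server reply is simulated offline and the corpus, counts and function names are constructed for illustration.

```python
import hashlib

# Constructed stand-in for the breach corpus; the counts are made up.
CONSTRUCTED_CORPUS = {"password": 1000, "letmein": 250}


def split_hash(password):
    """Return (prefix, suffix): 5 hex chars that leave the device, 35 that stay."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def constructed_range_response(prefix, corpus=CONSTRUCTED_CORPUS):
    """Simulate the server: all 'SUFFIX:COUNT' lines stored under one prefix."""
    lines = []
    for known, count in corpus.items():
        p, s = split_hash(known)
        if p == prefix:
            lines.append(f"{s}:{count}")
    lines.append("0" * 35 + ":3")  # constructed unrelated entry sharing the prefix
    lines.append("F" * 35 + ":0")  # padding-style entry: a count of 0 is not a hit
    return "\r\n".join(sorted(lines))


def breach_count(password, range_body):
    """Find our own suffix in the range response; 0 means not seen in a breach."""
    _, suffix = split_hash(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def check(password):
    prefix, _ = split_hash(password)
    # A real client would fetch https://api.pwnedpasswords.com/range/<prefix>
    # over HTTPS here; only `prefix` is ever transmitted.
    body = constructed_range_response(prefix)
    return breach_count(password, body)


if __name__ == "__main__":
    for candidate in ("password", "p/q2-q4!-constructed-variant"):
        seen = check(candidate)
        print(candidate, "-> change it" if seen else "-> not in corpus", seen)
```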

One last bonus is that using a password manager is a heck of a lot more convenient. Complicated passwords need not take two tries to type.

When it comes to sites that I only rarely use, and don’t consider important, I’m typically far more likely to end up (re)setting those passwords to something memorable, and thus something easily hacked. Even - perhaps especially - unimportant sites can open doors to your more important ones.

Using 1Password and generated passwords, those sites are now also first-class citizens in the land of strong passwords, instead of being half-abandoned and half-open attack vectors.

So, yes, all my eggs are in one basket. A well-protected, complex, and monitored basket, as opposed to being scattered about in several of those paper cartons from the grocery store that don’t really close and certainly can’t survive a rather gentle bump as you come in the doorway, Victoria, how many times do I need to remind you to be careful.

Authy

Okay - so it’s more like one-and-a-half baskets. 🤷🏻

Authy, from the folks over at Twilio, provides a 2FA solution that’s more secure than SMS (I find this to be an interesting intersection, coming from Twilio, and I applaud.) Unlike Google Authenticator, you can choose to back up your 2FA codes in case you lose or change your phone. (1Password offers 2FA functionality as well - but, you know, redundancies.)

With Authy, your backup is encrypted with your password, similarly to how 1Password works. This makes it the second password you can’t forget, if you don’t want to lose access to your codes. If you reset your account, they all go away. I can deal with remembering two passwords; I’ll take that trade.

I’ve tried other methods of MFA, including hardware keys, which can make accessing accounts on your phone more complicated than I care to put up with. I find the combination of 1Password and Authy to be the most practical combination of convenience and security that yet exists in my knowledge.

Privacy.com

Finally, there’s one last line of defense you can put in place in the unfortunate event that one of your accounts is still compromised. All the strong passwords and MFA in the world won’t help if you open the doors yourself, and scams and phishing are a thing.

Since it’s rather impractical to use a different real credit card every place you shop, virtual cards are just a great idea. There’s no good reason to spend an afternoon (or more) resetting your payment information on every account just to thwart a misbehaving merchant or patch up a data breach from that online shop for cute salt shakers you made a purchase at last year (just me?).

By setting up a separate virtual card for each merchant, in the event that one of those merchants is compromised, I can simply pause or delete that card. None of my other accounts or actual bank details are caught up in the process. Cards can have time-oriented limits or be one-off burner numbers, making them ideal for setting up subscriptions.

This is the sort of basic functionality that I hope, one day, becomes more prevalent from banks and credit cards. In the meantime, I’ll keep using Privacy.com. That’s my referral link; if you’d like to thank me by using it, we’ll both get five bucks as a bonus.

Outsource better security

Altogether, implementing these changes will probably take up an afternoon, depending on how many accounts you have. It’s worth it for the time you’d otherwise spend resetting passwords, setting up new devices, or (knock on wood) recovering from compromised banking details.

Best of all, you’ll have continual protection just running in the background - an effortless boost to your personal cybersecurity posture.

We have the technology. Free up some brain cycles to focus on other things - or simply remove some unnecessary stress from your life by outsourcing the fiddly bits.

Translated from: https://www.freecodecamp.org/news/outsourcing-security-with-1password-authy-and-privacy-com/
