tr th rd
Gone are the slack old days of 123456 or password or abc123 as a sensible ‘open sesame’ for online accounts.
摹一个是123456或密码或ABC123作为一个明智的“芝麻开门”的网上帐户的松弛时光。
These passwords — three of the most common passwords worldwide in 2019, as found by a survey from the UK’s National Cyber Security Centre (NCSC) — have long been useless at keeping light fingers away from the confidential data of internet users.
这些密码是英国国家网络安全中心(NCSC)的一项调查发现的,这是2019年全球最常见的三种密码,长期以来一直在使人们远离互联网用户的机密数据方面毫无用处。
As hackers continue crafting increasingly sly ways of violating our privacy, we need to crawl from our dens of apathy to outfox them. And we can — easily! One solution, of course, is biometric authentication — using a fingerprint or iris scanner for the purpose of security. But passwords aren’t going anywhere anytime soon.
随着黑客继续以越来越狡猾的方式侵犯我们的隐私,我们需要摆脱冷漠的束缚,以克服它们。 我们可以-轻松! 当然,一种解决方案是生物特征认证-为了安全起见使用指纹或虹膜扫描仪。 但是密码不会很快消失。
For that reason, Dr. Ian Levy, NCSC Technical Director, says:
因此,NCSC技术总监Ian Levy博士说:
“Password re-use is a major risk that can be avoided — nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band.”
“密码重用是可以避免的主要风险-没有人应该使用可以猜到的东西来保护敏感数据,例如他们的名字,当地足球队或最喜欢的乐队。”
Unsurprisingly, Levy goes on to suggest using “hard-to-guess passwords.” The major problem here is, the harder it is for hackers to guess a password, the harder it is for users to remember it. This means they must be memorable.
毫不奇怪,Levy继续建议使用“难以猜测的密码”。 这里的主要问题是,黑客猜测密码的难度越大,用户记住密码的难度就越大。 这意味着它们必须令人难忘。
I don’t know about you, but I’ve never been guilty of devising a password as basic as the examples above. Thanks to a mixture of my own caution and that of service providers insisting on a wiser choice, it simply wasn’t ever an option.
我不知道您是谁,但我从未犯过像上面的示例那样设计基本密码的罪行。 由于我自己的谨慎和服务提供商坚持明智的选择的混合,这根本不是一个选择。
However, what counts for a wiser choice changes from website to website, many with slightly different requirements. And I will confess, in the past, I’ve got myself into a right muddle with multiple variations of the same password, locking myself out of accounts all over the show. Less than ideal!
但是,明智的选择因网站而异,其中许多要求稍有不同。 而且我会承认,过去,我陷入了一个混乱,因为它使用了同一密码的多个变体,从而使自己无法进入整个演出。 不太理想!
Right out of the gate, I should have gone for a nice combo of upper-case letters, lower-case letters, numbers, and special characters, which is now what most service providers ask for. But fear not, I’ve definitely learned my lesson. As author Frank Sonnenberg says in Soul Food: Change Your Thinking, Change Your Life:
一出门,我就应该组合使用大写字母,小写字母,数字和特殊字符 ,这正是大多数服务提供商所要求的。 但是不要担心,我当然已经学到了教训。 正如作者弗兰克·桑嫩伯格(Frank Sonnenberg)在《 灵魂食品》中所说:改变思维,改变生活 :
“Smart people do stupid things. Stupid people don’t learn from them.”
“聪明的人做愚蠢的事情。 愚蠢的人不会向他们学习。”
Since my schoolgirl error, I’ve come up with a password much stronger than any I’ve ever had before: YouMustHeHavingALaugh*666*
由于我的女学生错误,我想出的密码比以前任何时候都强得多 : YouMustHeHavingALaugh * 666 *
Just jesting!
开玩笑吧!
But I have been employing an unusual way of formulating a password that isn’t difficult to remember. While Levy says the NCSC recommends “combining three random but memorable words,” I prefer to build a complex acronym using one memorable verse from a poem or song:
但是,我一直在采用一种不难记住的方式来制定密码。 虽然Levy表示NCSC建议“结合三个随机但令人难忘的单词”,但我更喜欢使用一首诗或歌曲中令人难忘的经文来构建一个复杂的首字母缩写:
Step one of the process is pretty self-explanatory: you take the first letter from each word of the selected verse.
该过程的第一步很容易解释:从所选经文的每个单词中选取第一个字母。
Step two is where things get more interesting: you then swap letters and what we might call their numerical counterparts — that is, numbers that look similar to the letters. For example, you could replace E with 3, S with 5, O with 0, and g with 9. Perhaps there are also others I’ve missed.
第二步是使事情变得更有趣的地方:然后交换字母和我们可以称为其数字对应物的数字-即看起来与字母相似的数字。 例如,您可以将E替换为3,将S替换为5,将O替换为0,将g替换为9。也许我还错过了其他内容。
Finally, step three is where you include special characters somewhere logical — maybe as bookends or smack bang in the middle.
最后,在第三步中,您可以在逻辑上添加特殊字符-可能是书夹或中间有敲打声。
Here’s one to give you a sense of what I mean: [IXdKKA5pddWAt5RR]
这是一个让您了解我的意思的工具: [IXdKKA5pddWAt5RR]
Bookended by special characters (left and right brackets, in this instance) and incorporating numbers, upper-case letters, and lower-case letters, the above password is based on a few lines from Kubla Khan, a poem by Samuel Taylor Coleridge I remember from A-Level English:
通过特殊字符(左,右括号,在这种情况下),并纳入数字,大写字母Bookended和小写字母,上面的密码是基于几行忽必烈汗 ,一首诗由塞缪尔·泰勒·柯勒律治我记得从A Level英语:
“In Xanadu did Kubla Khan
“在Xanadu做过Kubla Khan
A stately pleasure-dome decree
一项庄严的娱乐圆顶法令
Where Alph, the sacred river, ran”
神圣的河流阿尔弗(Alph)跑到哪里”
According to the following chart by Mike Halsey at Microsoft, which shows how long it would take an average PC to crack passwords of varying lengths and complexities, my Khubla Khan-inspired password would take 1 quintillion years.
根据Microsoft的Mike Halsey的以下图表(该图表显示了普通PC破解长度和复杂程度不同的密码需要花费多长时间),我的Khubla Khan启发式密码将花费1 百万亿年。
Just to be clear, that’s 1,000,000,000,000,000,000,000 years. And the chart is a decade old, so let that sink in for a moment.
需要明确的是,这是1,000,000,000,000,000,000,000年。 图表已经有十年历史了,所以让它陷入片刻。
In contrast, 123456, which the NCSC survey found to be the most popular password in the world today, would take no time at all. Literally no time — a modern computer would crack it instantly.
相比之下 ,123456,该NCSC调查发现,在当今世界上最流行的密码,将采取完全没有时间。 从字面上看,没有时间-现代计算机会立即破解它。
Thus, 123456 and [IXdKKA5pddWAt5RR] are at opposite ends of the crackability scale. It may seem like they’re at opposite ends of the rememberability scale too. And they are — if you don’t care much for Coleridge. You’d also have a comparable experience using password generators like those by LastPass and Norton.
因此, 123456和[IXdKKA5pddWAt5RR]位于可裂性等级的相对两端。 似乎他们也正处于记忆力范围的两端。 如果您对Coleridge不太在意,它们就是。 您还将具有使用类似LastPass和Norton的密码生成器的类似经验。
Surely though, you’ve committed to memory a few lines from a favourite poem or song? Whether the words come from Oscar Wilde or Kim Wilde, Robert Burns or Pete Burns, it doesn’t matter — as long as you can remember them. It’s all about what works for you as an individual user.
当然可以,但是您已经承诺要从最喜欢的诗歌或歌曲中记几行? 这些词是来自Oscar Wilde还是Kim Wilde,Robert Burns或Pete Burns,都没有关系-只要您能记住它们即可。 这是关于什么对您个人用户有效的。
Now for the tricky part.
现在开始棘手的部分。
Wait, what? That wasn’t the tricky part?
等一下 那不是棘手的部分吗?
I’m afraid not. You might be able to construct a stonker of a password, but should you use it on all services? Noooo. If the biggest social media breaches have taught us one thing, it’s that, once these sites are compromised, your [IXdKKA5pddWAt5RR] might as well be a 123456.
恐怕不是。 您也许可以构造一个密码令牌,但是您应该在所有服务上使用它吗? 不 如果最大的社交媒体违规事件告诉了我们一件事,那就是,一旦这些站点遭到入侵,您的[IXdKKA5pddWAt5RR]可能也是123456。
It’s a far better idea to come up with separate passwords for each service — and to change them frequently too. Unfortunately, this brings you face-to-face with the issue of where to store your gaggle of passwords.
为每个服务提供单独的密码,并且也要经常更改它们,这是一个更好的主意。 不幸的是,这给您带来了如何存储大量密码的问题。
While it would certainly be foolish to note them down on a piece of paper, plenty of people use password managers like those offered by Dashlane and Keeper, accessible using a master password and optional biometrics.
在一张纸上写下它们肯定是愚蠢的,但是许多人使用密码管理器,例如Dashlane和Keeper提供的密码管理器,可以使用主密码和可选的生物识别功能进行访问。
I can understand the lack of trust in these supposedly secure password vaults, especially after a study by Independent Security Evaluators (ISE) found severe vulnerabilities in several earlier this year. However, they’re pretty much the best we’ve got at the moment.
我可以理解对这些所谓的安全密码库的缺乏信任,特别是在独立安全评估人员(ISE)于今年早些时候进行的一项研究发现严重漏洞之后。 但是,它们几乎是我们目前拥有的最好的。
As with everything we do online, there’s always going to be some level of risk in generating, storing, and using passwords. Though, as I said earlier, these digital keys will be around for the foreseeable future, so why not give my method a go?
就像我们在线上所做的一切一样,生成,存储和使用密码总是会有一定程度的风险。 但是,正如我之前说的,在可预见的将来,这些数字键将会问世,那么为什么不尝试一下我的方法呢?
Take the chance to draw on the creativity of others so you can get creative yourself — only with passwords, which are undoubtedly just as exciting as poetry and music, right? Wooo, internet security — fun fun fun!
把握机会,利用他人的创造力,使自己能够发挥创造力-仅使用密码,这无疑与诗歌和音乐一样令人兴奋,对吗? 哇,互联网安全-好玩好玩!
翻译自: https://medium.com/swlh/th3-ux-0f-a-pa55w0rd-e41bb3419908
tr th rd
扫一扫
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
