Protecting account passwords

Internet | Security

If you are reading this, chances are that you have a Medium.com account, and just as "with great power comes great responsibility", every account comes with a unique username and password :)

So you end up with a ton of unique usernames and passwords, each meant to be your key to a different digital door: Google, LinkedIn, Facebook, Reddit, Medium, and so on. And that is not the end of the list: you also have usernames and passwords for banking apps and accounts, and those matter far more than your social media accounts.

And how do you remember them?

  • If you are saving them in your browser, you shouldn't. In its default configuration a browser's saved-password store can be read back by any program running under your user account, so a single piece of malware on the machine gets all of them at once.
  • If you are using identical or almost identical usernames and passwords everywhere, one leaked site database lets an attacker replay the same credentials against every other site (credential stuffing), and you risk losing multiple accounts simultaneously.
  • If you are saving them locally on your system, in a PDF or a text file, you shouldn't do that either. Even if you encrypt the file or make it password protected, there is still a chance that your data will be compromised.

How?

For example (nerd stats warning)

I have a text file in which I store all my account and banking details. I compress and encrypt it with 7-Zip (or any other encryption tool) using the following parameters:

Compression parameters:

  • Archive format: 7z

  • Compression level: Ultra

  • Compression method: LZMA2

  • Dictionary size: 64 MB

  • Solid block size: 4 GB

  • Number of CPU threads: 4

Encryption parameters (these, not the compression settings, are what determine how hard the archive is to break):

  • Encryption method: AES-256

  • Encrypt file names: True

The encryption password is chosen so that it won't be found in any dictionary; it is an almost random string of 15–20 upper- and lower-case letters, digits and symbols. I do not store this password anywhere. The text file is also given a name from which nobody could tell that it has anything to do with account details.

But is this secure enough?

Photo by Daniel Herron on Unsplash

The answer is a big NO.

Let's see how.

Now assume that your system is compromised by some malicious software and someone else takes control of it, or, in another scenario, that someone gets physical access to your machine.

The encryption settings above are strong: AES-256 with a random 15–20 character password is not going to fall to brute force. But a professional does not need to brute-force anything.

Yes, you did not store the unencrypted file anywhere, but your archiver does it for you, automatically.

How convenient, isn't it? ;)

When you open the text file from inside the archive, 7-Zip extracts a plaintext copy into the operating system's temp directory (Windows or macOS) and launches your text editor on that copy. For as long as the file is open, the plaintext sits on disk where any other program, or anyone with access to the machine, can read it.

And that's not all. In the worst case such an application never bothers to delete the copy and relies on some automatic clean-up at an unspecified point in the future; 7-Zip, for instance, removes its temporary copy only when you close the archive window, and if the editor still holds the file or the archiver exits abnormally, the copy stays. Even when the copy is deleted, an ordinary delete only unlinks the name; the data blocks remain on disk until something overwrites them. (The operating system's temp directory, like the browser's cache directory, can be a real cave of wonders for an attacker!)

"Every time you open and decrypt the file to use it, you are at risk"

The problem with using 7-Zip, or any encryption tool, to keep account details in an encrypted text file is that whenever you need the data you have to open the archive and extract the file, and at that moment a plaintext copy is written to the OS temp directory. You (or the software) would have to wipe that copy properly, every single time you open the file.
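The check a practitioner would actually run after reading the above is an audit of the temp directory itself. The following script is an added example, not part of the original article: it builds a constructed temp tree (no real data) that mimics what 7-Zip's file manager leaves while a file opened from an archive is still open, then lists every file inside such scratch folders, flags the ones whose first bytes look like credentials, and overwrites-then-deletes them. The 7zO… (open) and 7zE… (extract) folder prefixes are what 7-Zip uses on Windows; treating them as the only relevant pattern is an assumption, so adapt the regex for other archivers. The scanner itself is read-only; only `wipe_file` modifies anything.

```python
"""Audit an OS temp directory for plaintext left behind by "open from archive".

Added example (not 7-Zip's code and not the article's own).  Point it at
%TEMP% / $TMPDIR on a real machine; the sample tree below is constructed so
the script runs offline.
"""
import os
import re
import tempfile
import time
from pathlib import Path

# Scratch folders an "open this file from the archive" action leaves behind.
# 7zO<hex> (open) / 7zE<hex> (extract) are 7-Zip's prefixes on Windows;
# assumption: other archivers need their own pattern here.
LEFTOVER_DIR = re.compile(r"^7z[OE][0-9A-Fa-f]+$")
# Keywords that suggest the extracted file is the kind of notes this article is about.
SENSITIVE_HINT = re.compile(rb"password|passwd|login|bank|iban|account", re.IGNORECASE)


def scan_temp(temp_root, max_age_days=30.0):
    """List files inside archiver scratch folders under temp_root (read-only).

    Returns one dict per file: path, age in days, and whether its first 4 KiB
    contain a credential-looking keyword.
    """
    temp_root = Path(temp_root)
    now = time.time()
    findings = []
    for folder in sorted(temp_root.iterdir()):
        if not (folder.is_dir() and LEFTOVER_DIR.match(folder.name)):
            continue
        for f in sorted(folder.rglob("*")):
            if not f.is_file():
                continue
            age_days = (now - f.stat().st_mtime) / 86400.0
            if age_days > max_age_days:
                continue
            with open(f, "rb") as fh:
                head = fh.read(4096)
            findings.append({
                "path": f,
                "age_days": round(age_days, 2),
                "looks_sensitive": SENSITIVE_HINT.search(head) is not None,
            })
    return findings


def wipe_file(path):
    """Overwrite the file's bytes with random data, fsync, then unlink.

    Caveat: on SSDs (wear levelling), journaling or copy-on-write filesystems
    the old blocks can survive an overwrite.  Full-disk encryption is the real
    answer; this is damage limitation.
    """
    path = Path(path)
    size = path.stat().st_size
    with open(path, "r+b", buffering=0) as fh:
        fh.write(os.urandom(size))
        fh.flush()
        os.fsync(fh.fileno())
    path.unlink()


def build_sample_temp():
    """Constructed sample tree (no real data): a %TEMP% after opening a
    harmlessly named notes file from an encrypted archive."""
    root = Path(tempfile.mkdtemp(prefix="temp-audit-"))
    leaked = root / "7zO1A2B3C4" / "holiday_photos_2019.txt"
    leaked.parent.mkdir()
    leaked.write_text("bank login: alice / Password: correct-horse-battery\n")
    readme = root / "7zE5D6E7F8" / "readme.md"
    readme.parent.mkdir()
    readme.write_text("just a readme\n")
    other = root / "unrelated" / "app.log"   # not an archiver folder: ignored by the scan
    other.parent.mkdir()
    other.write_text("password=hunter2\n")
    return root


if __name__ == "__main__":
    root = build_sample_temp()
    for hit in scan_temp(root):
        print(f"{hit['path']}  age={hit['age_days']}d  sensitive={hit['looks_sensitive']}")
        if hit["looks_sensitive"]:
            wipe_file(hit["path"])
```

Run it against the real temp directory with `scan_temp(os.environ["TEMP"])` on Windows or `scan_temp(tempfile.gettempdir())` elsewhere, and review the findings before wiping anything; the keyword heuristic is only a hint, and an innocuously named file (as in the sample) is exactly what the article's "disguised filename" habit produces.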

How is password-managing and storage software more secure?

The main problem with the method above is that encryption tools are designed to protect the original file they are given, so they work on a temporary copy: one when the archive is created, and another every time you open or decrypt the file.

Password managers such as KeePass are designed for exactly this job. They never write a password to disk unencrypted, and they never store a decrypted copy anywhere on the system; entries are decrypted only in memory, while you use them (KeePass additionally keeps the in-memory copies protected and unlocks each one only for the moment it is needed).

When you create a new database of account details in a password manager, you only have to remember one master password; the key that encrypts the database is derived from it, and everything you type into the database is encrypted from the start, so the file on disk is never anything but ciphertext.
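To make the difference concrete, here is a minimal "plaintext only ever lives in memory" vault, as an added example; it is not KeePass code and not the article's own. KeePass stretches the master password with AES-KDF or Argon2 and encrypts the database with AES-256 or ChaCha20; since this example uses only the Python standard library, it substitutes PBKDF2-HMAC-SHA256 for the key stretching and an HMAC-SHA256 keystream in encrypt-then-MAC form for the cipher (a stand-in, stated as such in the code). The iteration count, the entry layout and the sample master pass-phrase are assumptions for the example. What it shows is the structure that the 7-Zip workflow lacks: the only thing that ever reaches the disk is ciphertext plus an authentication tag, and a wrong master password or a tampered file is rejected before any decryption happens.

```python
"""Minimal in-memory password vault (added example, not KeePass's implementation).

Stand-ins for what KeePass does with AES-KDF/Argon2 and AES-256/ChaCha20:
  - key stretching : PBKDF2-HMAC-SHA256 (hashlib, standard library)
  - cipher         : HMAC-SHA256 keystream XORed over the data (CTR-style)
  - integrity      : HMAC-SHA256 over header + ciphertext (encrypt-then-MAC)
"""
import hashlib
import hmac
import json
import os

KDF_ITERATIONS = 600_000   # assumed cost; OWASP's 2023 figure for PBKDF2-HMAC-SHA256
SALT_LEN = 16
NONCE_LEN = 16
MAC_LEN = 32


def _derive_keys(master, salt):
    """Stretch the master password into separate encryption and MAC keys."""
    km = hashlib.pbkdf2_hmac("sha256", master.encode("utf-8"), salt, KDF_ITERATIONS, dklen=64)
    return km[:32], km[32:]


def _keystream_xor(key, nonce, data):
    """CTR-style stream cipher: keystream block i = HMAC(key, nonce || i). Symmetric."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def seal(master, entries):
    """Serialize the entries, encrypt them and append a MAC.

    The returned bytes are the only thing that should ever be written to disk.
    """
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    enc_key, mac_key = _derive_keys(master, salt)
    header = salt + nonce
    ciphertext = _keystream_xor(enc_key, nonce, json.dumps(entries).encode("utf-8"))
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag


def open_vault(master, blob):
    """Verify the MAC in constant time first, then decrypt into memory only."""
    if len(blob) < SALT_LEN + NONCE_LEN + MAC_LEN:
        raise ValueError("truncated vault")
    header = blob[:SALT_LEN + NONCE_LEN]
    ciphertext = blob[SALT_LEN + NONCE_LEN:-MAC_LEN]
    tag = blob[-MAC_LEN:]
    enc_key, mac_key = _derive_keys(master, header[:SALT_LEN])
    expected = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong master password or tampered vault")
    plaintext = _keystream_xor(enc_key, header[SALT_LEN:], ciphertext)
    return json.loads(plaintext.decode("utf-8"))


def write_vault(path, master, entries):
    """Persist the vault: ciphertext and tag only, never the entries themselves."""
    with open(path, "wb") as fh:
        fh.write(seal(master, entries))


def read_vault(path, master):
    """Load the vault; the decrypted entries exist only in this process's memory."""
    with open(path, "rb") as fh:
        return open_vault(master, fh.read())


if __name__ == "__main__":
    import tempfile
    sample = {"bank": {"user": "alice", "pw": "correct-horse-battery-staple"}}  # constructed
    master = "an example master pass-phrase, assumed here"
    path = os.path.join(tempfile.mkdtemp(), "vault.bin")
    write_vault(path, master, sample)
    with open(path, "rb") as fh:
        on_disk = fh.read()
    print("plaintext on disk:", b"correct-horse-battery-staple" in on_disk)   # False
    print("entries in memory:", read_vault(path, master))
```

Two design choices carry the article's point: the MAC is checked before a single byte is decrypted, so a wrong master password fails closed instead of producing garbage that might be written somewhere, and there is no code path that writes the JSON anywhere; the only file operation is on the sealed blob.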

"You must protect the master password properly and with utmost care"

If it falls into the wrong hands (which is technically anyone other than you), that person can access all of your accounts.

Photo by Shane Avery on Unsplash

That means:

  • Never write it down anywhere digitally (smartphone, PC, tablet, etc.).
  • Never save it as a photo or screenshot.
  • Never reuse an old password from any other account.
  • Never use obvious, easy-to-guess passwords such as dictionary words, your birth date or your name.
  • If you write it on a piece of paper (which I would advise against), omit a few characters and memorize those, so that it stays safe even if someone else finds the note.
  • And lastly, don't share it with anybody (well, this one is a no-brainer).

Last but not least: research properly which software or app you are going to use. I prefer open-source software, because it can be audited and is generally considered the most secure, but there are also paid products on the market that offer a lot more convenience and some extra features.

Translated from: https://medium.com/swlh/protecting-account-passwords-795c87384f4a
