What to consider about passwords: we must rethink our approach to passwords

Cybersecurity

Until recently, I thought that I would never write on this topic because there was no need. It is such an old topic, so much has already been written about it, and when it comes to protecting your digital life, this is the most basic thing you need, and it can easily be addressed.

Well, I was wrong.

I was helping my father recently with his online photo management when I came to know that he didn't have 2FA enabled on his accounts. Fair enough. He was also using the same password almost everywhere, for obvious reasons.

I suggested that he should use a password manager, but the reaction I got from him wasn't positive. I was furious at first. Later on, I also found out that it's the same situation with my better half, my 16-year-old son, my in-laws, and a few other family members as well.

OMG! This was beyond my imagination and hard to digest. Since then I haven't been able to get these thoughts out of my head. I felt that it's not just them; there might be a lot of other people out there who have exactly the same issues and concerns.

This story is just an effort to remove as much of the discomfort and fear as possible, so that more and more people can make their digital life better and protect it from online fraud.

We are not going to talk about the hundreds of other things you should do to protect your accounts, e.g. 2FA (Two-Factor Authentication). We will just focus on passwords and why everyone MUST use a password manager.

But, before we go any further, a little background based on what I experienced with 3 different generations in my family.

My 16-Year-Old Son

He has grown up in the world of smartphones and smart devices. He used computers and mobile devices from the beginning. He knows everything on the internet very well.

If he doesn't understand the importance or need of using password managers, then I would say it is just a lack of awareness. We, as a society or community, need to do a better job of spreading awareness. All of us need to help spread the word.

He was pretty easy to convince. Once I explained to him “WHY”, he was pretty okay and willingly went ahead and set up everything for himself.

My Better Half

He is 45+ and falls into the Gen X category. He is not in the field of computers, but I don't think it is a challenge for him to learn and explore new things.

It is not discomfort so much as inconvenience that makes him avoid password managers. He is simply not willing to change unless and until he really feels the need. He is aware of everything going on in the world in the name of privacy and security, but he doesn't seem to be concerned.

The simple reaction I always get is “Who will hack my account?” He protects his bank accounts, but for everything else he simply doesn't care. He uses 2FA only when it is forced on him, as Apple does.

For people like him, it takes just one hacked account, their own or that of someone in their circle of friends. My advice is:

It is better to be safe than sorry.

I tried everything possible to convince him of the WHY. Believe me, I couldn't. In the end, I just had to ask him, “Can you do it for me, please?”

Finally, My Parents

I can understand their pain.

They spent half of their lives in a world with no TV or mobile phones. Anything with the word “smart” scares them.

I remember one day my father came home from the office mentioning that his office was installing computers everywhere. He was almost forced to use them out of the need for survival. Logging in to a computer and using Microsoft Word was the biggest challenge for him at that time.

It was the survival of the fittest so he had no choice but to learn how to use computers.

He spent hours exploring and learning. It wasn't easy for him. At every step, he had loads of questions. Some of them were almost impossible to answer, because that's just how things work, and there is no explanation for it.

Until recently he wasn't using online banking, for fear that someone might steal all of his hard-earned money. He feels more comfortable doing things the old-fashioned way than learning something new from scratch and understanding the pitfalls to watch out for.

My only advice to this generation is to assume that you are being forced, just like my dad was forced to learn computers and Microsoft Word in his office. It is not that you can't learn. It is just unwillingness: you don't want to go through the pain of learning something new from scratch.

It is as simple as using WhatsApp, Facebook, or Twitter. Remember that these apps weren't easy to understand and use either. But you did it, right? Similarly, you can learn how to use a password manager. It's not rocket science.

The Most Common Concerns

How can I give my password to someone else to store?

I don't want to make this answer technically complex, but without some technical detail I may not be able to answer it. Let me try:

Password managers use zero-knowledge encryption.

In a nutshell, zero-knowledge encryption means that the service provider knows nothing about the data you store on its servers. The data is encrypted on your device before it is stored on their servers.

It's a kind of sealed envelope. They don't know what's inside. Even if they or anyone else opens the envelope, they will not be able to read it, because it is encrypted with your master password, which only you know.

For a more detailed and simple explanation, you can read about Zero-Knowledge Encryption. In order to use the Password Manager, you don’t need to understand how zero-knowledge encryption works.

What if I lose access to the Password Manager itself?

This is probably the biggest reason, if not the only one, that people are scared to use password managers.

The only way you can lose access to the Password Manager is if you forget the Master Password.

You cannot afford to forget your Master Password. Actually, you will not, because going forward that is the only password you need to remember.

What if your Master Password is a phrase like this: “The quick brown fox jumps over the lazy dog”

Yes, any phrase like this can be your master password. No one will ever be able to crack this password as long as you are alive.

You can use any such phrase, as long as it is long enough that cracking it is impractical, and you can mix in small and capital letters, numbers, and special characters. That's how passwords should be, but somehow most of us are still stuck in the old days.

In a worst-case scenario, if you forget your Master Password, you will lose access to all the stored passwords. Because of the zero-knowledge encryption, there is no way to read your password without your master password.

If we forget any other password, we usually click “Forgot Password” and get it reset. Well, you can't do that with a password manager. Even if you reset the Master Password, you will not get your previously stored passwords back. You have to start from scratch. This also means that you can't log in to any of your accounts, and you need to go through the pain of resetting the password on every one of them.

What is the worst that can happen? You will never lose access to any of your accounts, whether because of the password manager or for any other reason. There are always ways to recover.

The worst experience I have had so far was losing access to my Facebook account. I had to submit a copy of my passport to prove my identity and that the account was mine. I'm actually happy that I had to do that, because it means Facebook is trying its best to protect my account from unauthorized access. Isn't it?

But please don't make it an excuse for not using a password manager. I have been using a password manager for more than 10 years now, and this has never happened to me.

Until you have memorized your master password, you can write it down on a piece of paper (don't store it on your computer) and keep it somewhere safe, e.g. in a drawer of your cupboard.

However, it is not advisable. Why? We will not go there in order to keep this topic simple. Just understand:

You should NEVER write down your Master Password; memorize it.

However, it is okay to write it down on a piece of paper and keep it safe until you are confident that you have memorized it. Don’t keep it forever.

Is it really worth taking the pain?

Yes, I don’t want to argue, debate, or discuss this. Just do it. Well, I’m just kidding. Here are the reasons:

Read these 2 articles to get an idea about data breaches:

Data breaches are growing at a rapid pace. Even big companies like Adobe, Yahoo, and LinkedIn are not safe and can be hacked at any time. Even financial institutions like banks, insurers, and credit bureaus (like Equifax) can't protect themselves. A data breach is inevitable. The only way you can protect your information is by protecting your password.

Basic Guidelines for the Password

Use a complex password.

A password is considered complex if it uses the combination of everything mentioned below:

  1. Small letters
  2. Capital letters
  3. Special characters
  4. Numbers

Every password you create should have at least one character from each group, else it is not complex enough.

Length of the Password

If you are using all four types of characters mentioned above, you are good with a decent length of 12–16 characters. As of today, almost every website or mobile app lets you create a password of at least 8–16 characters. Some websites also allow a password up to 99 characters long.

If any website or mobile app allows you to create a password that is less than 8 characters, you should seriously doubt the security practices they are following. You should also try to avoid using such a website or mobile app.

If you don’t want to or can’t use all four types of characters in your password, you should increase the length of your password to 20 or more characters.

A decent GPU-based computer can test 10.3 billion password guesses per second using the brute-force method. I don't want to go into the technical complexities of what, how, and why. We don't need to. Just understand that the longer and more complex your password, the harder it becomes for a hacker to crack it.

So, if you are 16 years old today and your password is 36 characters long and uses all four types of characters, no one will be able to crack it in your lifetime.

However, quantum computers are coming, which will not just affect you and me but will render every existing method of securing the world useless, the CIA/NSA included, so let us not go there right now.

Remember,

“The quick brown fox jumps over the lazy dog”

is a better password than

“3*U$z12D”

Why better?

为什么更好?

  • Because of the length of the password. It's 43 characters long.
  • It uses a special character, the space. If a website doesn't allow the space as a special character, you can use something else.
  • It uses a capital letter. You can capitalize any character, or the first letter of every word.
  • The only thing it doesn't use is a number, which is fine because of the 43-character length.
  • It is easy to remember, because it is a phrase anyone can easily remember. That's how passwords should be. Easy to remember. Right?
  • It is a passphrase and not a password. That is what is required nowadays: a passphrase, not a password.
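
To put numbers on the guidance above, here is an added example (not from the original article) that applies the article's own figure of 10.3 billion guesses per second to the two passwords compared above and to the length rules given earlier. It assumes the four character classes have 26, 26, 10 and 33 members, and adds one caveat the arithmetic alone misses: a famous published sentence is a wordlist entry however long it is, so the script also flags those.

```javascript
// Added example (not from the original article): puts numbers on the article's
// guidance using its own figure of 10.3 billion guesses per second. Class sizes
// (26 small, 26 capital, 10 digits, 33 printable specials incl. space) are this
// example's assumptions about a US keyboard, not something the article states.
const GUESSES_PER_SECOND = 10_300_000_000n;

const CLASSES = [
  { name: 'small letters', size: 26n, re: /[a-z]/ },
  { name: 'capital letters', size: 26n, re: /[A-Z]/ },
  { name: 'numbers', size: 10n, re: /[0-9]/ },
  { name: 'special characters', size: 33n, re: /[^A-Za-z0-9]/ },
];

// Which of the article's four character classes the password actually uses.
function classesUsed(password) {
  return CLASSES.filter(c => c.re.test(password)).map(c => c.name);
}

// The article's rule of thumb: all four classes at 12+ characters, or 20+
// characters when not all four classes are present.
function meetsGuidelines(password) {
  const allFour = classesUsed(password).length === 4;
  return (allFour && password.length >= 12) || password.length >= 20;
}

// Seconds to exhaust every string over the classes actually used, up to the
// password's length, at the article's 10.3 billion guesses per second.
function bruteForceSeconds(password) {
  const alphabet = CLASSES.filter(c => c.re.test(password)).reduce((n, c) => n + c.size, 0n);
  let space = 0n;
  for (let len = 1n; len <= BigInt(password.length); len++) space += alphabet ** len;
  return space / GUESSES_PER_SECOND;
}

// Rough human-readable scale for a BigInt number of seconds.
function describeSeconds(seconds) {
  const year = 31_557_600n;
  if (seconds < 86_400n) return `${seconds} seconds`;
  if (seconds < year) return `${seconds / 86_400n} days`;
  return `about 10^${(seconds / year).toString().length - 1} years`;
}

// The brute-force arithmetic assumes the attacker has to guess blindly. A phrase
// that is a famous published sentence sits in cracking wordlists and falls to a
// single lookup whatever its length, so build a phrase of your own rather than
// borrowing one. This set is a small constructed stand-in for such a wordlist.
const WELL_KNOWN_PHRASES = new Set(['the quick brown fox jumps over the lazy dog', 'to be or not to be']);
function isWellKnownPhrase(password) {
  return WELL_KNOWN_PHRASES.has(password.trim().toLowerCase());
}

for (const pw of ['3*U$z12D', 'The quick brown fox jumps over the lazy dog', 'Purple kettle sings at 7am!']) {
  console.log(`${pw}: classes=${classesUsed(pw).length} guidelines=${meetsGuidelines(pw)} ` +
    `brute-force=${describeSeconds(bruteForceSeconds(pw))} wordlist=${isWellKnownPhrase(pw)}`);
}
```

Run with Node 16 or later; the 8-character password exhausts in about a week at that rate, while the 43-character phrase is out of reach of brute force but is caught by the wordlist check.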

Don't Reuse the Password

This is the most basic thing everyone talks about, but people don't listen. The problem is that from the very beginning we started by using the same password everywhere, and we still follow that bad practice. Reusing a password is one of the worst things you can do with it today.

Using the simple password like the ones you have seen in the video or reusing your password on more than one website is a complete NO-NO. You can’t do that anymore. Seriously.

Data breaches are growing every day. If your user ID and password are compromised in any one breach, hackers can get into every account where you used the same password. If you use a unique password for every website or mobile app, you only need to change it on one website if that password is ever compromised.

Have any of your email addresses and passwords already been compromised? I'm pretty sure they have. You can check at Have I Been Pwned? or try Firefox Monitor. Both will give you the same results.

When you can’t reuse your passwords and need to use the unique password everywhere, that’s when you need a password manager.

I use LastPass. As you can see below, I have a total of 682 passwords. Now, if I have to create a unique password/passphrase for every site, there is no way I can remember each of them, right?

The password manager helps me create randomized unique passwords for every login. An additional benefit is that it also tells me how many of my passwords are duplicated, compromised, weak, etc.

You can use any password manager of your choice. My top three recommendations are LastPass, 1Password, and Dashlane. Password managers help you create a random password for each website you use, and they remember it for you. You just need to remember one password, called the Master Password: it's the password for all of your passwords.

The password manager also has a feature called Security Challenge, which tells me where I stand compared with everyone else.

Image: LastPass Security Challenge Result

Also, as Bob has recommended in his post, don't forget to change your passwords at regular intervals. You can decide what interval works best for you. You can decide to change each of your passwords every 30, 60, or 90 days.

Two-Factor Authentication is the next thing you can do to further protect your accounts. But it is a separate topic of discussion for some other time. For now, just remember:

Two-factor authentication can’t and shouldn't be an excuse for not using the Password Manager to create unique passwords.

Starting to use anything new always comes with its own challenges. If you run into any issues and are not able to get the support you need, please feel free to message me. I will be more than happy to help.

This article was originally published on DigitalPrivacyWise.

Translated from: https://medium.com/digitalprivacywise/rethink-our-approach-to-passwords-d966db3c6752
