restapi最佳实现_如何在线实现最佳安全性

restapi最佳实现

With hacking becoming one of the biggest threats of the digital age, having a secure password and a different one for all your accounts has become increasingly more important.

随着黑客攻击成为数字时代的最大威胁之一，拥有安全密码和用于所有帐户的不同密码变得越来越重要。

It’s easy to fall into the habit of just using a single password for all of your different accounts. You don’t want to be racking your brains every time you open a new browser window, trying to remember the key to each individual password. When you want to get work done quickly, you tend to develop processes that save you time. You might think that having the same password for multiple accounts is one of those time-saving tricks. But let’s just think for a moment about how much time you will have to spend sorting out all your systems, accounts and data if you ever get hacked. If a hacker can figure out the one password that you use for everything, they’ve got access to, well, everything!

容易养成只为所有不同帐户使用一个密码的习惯。 您不想每次打开新的浏览器窗口时都想尽办法，而是想记住每个密码的键。 当您想要快速完成工作时，您倾向于开发可节省时间的流程。 您可能会认为为多个帐户使用相同的密码是节省时间的窍门之一。 但是，让我们想一想一下，如果遭到黑客入侵，您将需要花费多少时间来整理所有系统，帐户和数据。 如果黑客能弄清您用于所有操作的一个密码，那么他们就可以访问所有内容！

There are certainly ways that you can have a super secure password and still add time-saving methodology to how you remember it. There are also a few tips floating around out there about how to create a secure password that you will be able to remember quite easily.

当然，您可以通过多种方式获得超级安全的密码，同时还可以在记住方式时添加省时的方法。 关于如何创建一个安全的密码，您还可以轻松记住一些提示。

您听说过密码管理器吗？ (Have you ever heard of a password manager?)

A password manager is a piece of software that you can install on one or all of your devices to store your unique passwords. It can also generate new cryptic passwords for you and save them against the relevant account for you to copy over whenever needed.

密码管理器是一种软件，可以将其安装在一个或所有设备上，以存储唯一的密码。 它还可以为您生成新的密码，并将其保存在相关帐户中，以便您在需要时进行复制。

Using a password manager is a great way to keep track of several different passwords. It encourages you to make sure that you are creating strong and unique protections for each new account you create.

使用密码管理器是跟踪多个不同密码的好方法。 它鼓励您确保为创建的每个新帐户都创建强大而独特的保护措施。

如果密码管理器的安全性受到威胁怎么办？ (What if the password manager’s security is compromised?)

As with any online technology, there is always a risk of it being hacked. There’s no point lying and saying that password managers are immune to this.

与任何在线技术一样，始终存在被黑客入侵的风险。 撒谎并说密码管理器对此无能为力。

However, when a hacker gets into a password manager account, yes, they will be able to see all your passwords, but they will be completely scrambled. It would take any hacker far longer than it’s worth to try and unscramble your passwords to make sense of any of them. We’re talking decades.

但是，当黑客进入密码管理器帐户时，可以，他们将能够看到您的所有密码，但是它们将被完全加密。 任何黑客都要花更长的时间才能尝试破译密码以理解其中的任何一个。 我们正在谈论几十年。

A really helpful site for checking if your security has been compromised on any of your accounts is https://haveibeenpwned.com/. This allows users to subscribe and get alerts if their personal data (usually an email address and passwords in some form) is ever found to have been made public. If this happens, any accounts where you use the same password will also be vulnerable. This subscription gives you the chance to go in and change your password as soon as you find out it has been compromised.

https://haveibeenpwned.com/是一个非常有用的网站，用于检查您的任何帐户的安全性是否受到威胁。 如果发现他们的个人数据(通常是某种形式的电子邮件地址和密码)被公开，这将允许用户订阅并获得警报。 如果发生这种情况，使用相同密码的任何帐户也将容易受到攻击。 一旦发现此订阅已被盗用，您就可以进入并更改密码。

我还有其他选择吗？ (Do I have any other options?)

Well, yes. If you still feel untrusting of using the internet to store all your passwords, you can always still pull out the old pen and paper option. While we have every confidence in the available password management software and wouldn’t recommend reverting back to hard copies, this is still a secure option.

嗯，是。 如果您仍然不信任使用互联网存储所有密码，则始终可以拔出旧的笔和纸选项。 尽管我们对可用的密码管理软件充满信心，并且不建议还原为硬拷贝，但这仍然是安全的选择。

The risk is that you may lose this piece of paper and will then have no other way to recover all your passwords. It will also take you a bit longer to look through hard copies and find each password, punching it in one character at a time. This may also allow you to fall back into the bad habit of using variations of the same password for everything.

风险是您可能会丢掉这张纸，然后将无法恢复其他密码。 浏览硬拷贝并找到每个密码，一次打一个字符，还需要花费一些时间。 这也可能使您陷入使用对所有内容使用相同密码的变体的不良习惯。

Using password management software is quick and easy, one click of a button and the software detects which site you are using and finds the password you need for it. All you have to do is click on the password to autofill the page, or a quick copy and paste.

使用密码管理软件快速简便，只需单击一个按钮，软件即可检测到您正在使用的站点并找到所需的密码。 您所要做的就是单击密码以自动填充页面，或者快速复制并粘贴。

Writing down your passwords means that you need to take the security of those passwords into your own hands. Written passwords are readable by others, if you lose your hard copy or if someone finds it, they have all of your passwords. If someone gets access to your password manager, they still won’t be able to see your passwords.

写下密码意味着您需要亲自掌握这些密码的安全性。 书面密码是其他人可读的，如果您丢失了纸质副本或有人找到了它，则他们拥有您的所有密码。 如果有人可以访问您的密码管理器，那么他们仍然看不到您的密码。

创建强密码的技巧 (A tip for creating a strong password)

There are a few different tips floating around on the internet for creating strength in your passwords yourself. We think that this one is pretty good for making them as long and unguessable as possible while still being able to remember them.

互联网上有一些不同的技巧可以帮助您自己增强密码强度。 我们认为这一功能非常适合使它们尽可能长且难以猜测，同时仍能记住它们。

A good tip is to create your password out of a phrase, or perhaps even a song lyric. This isn’t to suggest you should make your password 15 words long — that would be annoying. To use this tip, take your phrase, for example, “ Well she hit them with her ten cent pistol and they’ve never been the same” would become, Wshtwh10Cp&tnbts. Taking the first letter from every word of the phrase or lyric and using it to make a code, swapping out letters for characters and numbers wherever possible.

一个很好的技巧是使用短语或歌词来创建密码。 这并不是建议您将密码设置为15个字长，这很烦人。 要使用此技巧，请以您的短语为例，“ 好吧，她用10美分的手枪击中了它们，但它们从未像现在一样 ”，将变成Wshtwh10Cp＆tnbts。 从短语或歌词的每个单词中提取第一个字母，然后使用它来编写代码，并在可能的情况下将字母换成字符和数字。

This method makes lengthy passwords a bit of fun, and you end up with a really strong cryptic password at the end of it. You can use a code to transfer your password to other accounts, like adding a FB into it for your Facebook account, or a Gm for Gmail — whatever works for you.

这种方法使冗长的密码变得很有趣，最终您会得到一个非常强大的隐秘密码。 您可以使用代码将密码转移到其他帐户，例如在其中为您的Facebook帐户添加FB，或为Gmail添加Gm(适合您的方式)。

At the end of the day, the easiest way to create a catalogue of really secure passwords and have them all stored in one easily accessible place is to use a password manager. Have a look at 1Password or Roboform, or Lastpass if you want to use something free.

归根结底，创建真正安全密码的目录并将它们全部存储在一个易于访问的地方的最简单方法是使用密码管理器。 如果您想免费使用，请查看1Password或Roboform或Lastpass。

The benefits of using a password manager far outweigh the risks and is definitely the best option for keeping and creating secure passwords.

使用密码管理器的好处远远超过了风险，并且绝对是保留和创建安全密码的最佳选择。

Originally published at https://hutsix.com.au.

最初发布在 https://hutsix.com.au上 。

翻译自: https://medium.com/hutsix-blog/how-to-achieve-optimum-security-online-71591658bd28

restapi最佳实现