This Technique Was Meant to Replace Passwords. It Turns Out to Be Easy to Hack

By Mark Wilson

Passwords suck, which is why so many of us dream of a world where we don’t have them at all. But remembering names and numbers does hold some advantages over newfangled alternatives. According to new research (PDF) out of New Jersey Institute of Technology, the George Washington University, and Ruhr University Bochum, a popular password alternative prized by LG is both more hackable and easier to forget than previously thought.

The password technique in question is called a knock code. Such codes trace from ancient Greece to turn-of-the-century Russian prisons, in which a series of knocks or taps were equated with various letters. LG’s smartphones offer a super simplified version of the concept: You have a 2 x 2 grid, and you design your own password by hitting these boxes in any sequence you like. It’s a somewhat similar idea to Android patterns, which let you trace your finger across points on a screen to draw your password instead of typing it.

LG has gone so far as to dub this approach “perfect security.” It’s easy to see the appeal. Knock codes can be entered on a black screen — meaning it’s tough for someone looking on to decipher it as easily as your PIN. There should be no way you can predict a knock code either, whereas a PIN or password might contain a birthday or other easily guessable mental anchors that could help other people hack you. All in all, knock codes reimagine a password as a gesture, which is enticing enough that researchers estimate that as many as 2.5 million people in the United States alone are using knock codes on their phones.

But according to security researchers, the concept doesn’t pan out in the real world. After asking hundreds of people to create knock codes, they learned that while people can create any code they like, what they create isn’t all that diverse.

Most damning: 18% of all codes consisted of just four different password sequences. The problem is that people have a propensity to start in the upper-left-hand box and take similar routes from there. Overall, the 30 most popular knock codes represented 42% of all passcodes created in the study. So even if you didn’t design one of the most popular codes, your knock code would still be pretty predictable. “Patterns tend to be selected less randomly, and thus [are] easier to guess,” says Adam Aviv, an author on the paper and associate professor of computer science at George Washington University.

Given just 10 tries unlocking your phone, researchers calculated that someone can guess your knock code 28% of the time. A four-digit or six-digit PIN code is much safer than this.
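
The two figures above (share of users covered by the most popular codes, and success within a fixed number of tries) are the same measurement at different guess budgets. The sketch below is an added example, not code from the paper or the article: it computes that measurement on a constructed sample, and the six-tap code length, the box numbering and every code in the sample are assumptions made for illustration.

```python
from collections import Counter
from itertools import islice, product
import math

def keyspace(cells, length):
    """Count of possible tap sequences of `length` taps on `cells` boxes."""
    return cells ** length

def top_k_success(codes, k):
    """Share of users whose code is among the k most common codes, i.e. the
    success rate of someone limited to k unlock attempts."""
    hits = sum(n for _, n in Counter(codes).most_common(k))
    return hits / len(codes)

def min_entropy_bits(codes):
    """-log2 of the most common code's share: the worst-case strength."""
    top = Counter(codes).most_common(1)[0][1]
    return -math.log2(top / len(codes))

# CONSTRUCTED sample of 100 six-tap codes on a 2 x 2 grid (boxes 1-4,
# 1 = upper left; length 6 is an assumption). Four popular codes cover
# 18 users, echoing the article's 18% figure; the other 82 are unique.
HEAD = {"123412": 8, "124312": 5, "132413": 3, "142314": 2}
TAIL = islice(("".join(p) for p in product("1234", repeat=6)
               if "".join(p) not in HEAD), 82)
SAMPLE = [c for code, n in HEAD.items() for c in [code] * n] + list(TAIL)

if __name__ == "__main__":
    space = keyspace(4, 6)
    print(f"theoretical keyspace, 2 x 2 grid: {space} ({math.log2(space):.0f} bits)")
    print(f"theoretical keyspace, 2 x 3 grid: {keyspace(6, 6)}")
    print(f"10 tries against uniform choice:  {10 / space:.2%}")
    for k in (4, 10):
        print(f"{k} tries against the sample:      {top_k_success(SAMPLE, k):.0%}")
    print(f"min-entropy of the sample:        {min_entropy_bits(SAMPLE):.2f} bits")
```

The gap between the keyspace line and the sample lines is the article's point: the size of the grid sets an upper bound, but guessability is decided by how users actually distribute their choices.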

So what if knock codes used a 2 x 3 grid instead of a 2 x 2 grid? Researchers analyzed that approach, too, and found that 2 x 3 codes were actually more guessable than 2 x 2 codes. How is that possible? “There may be a false sense of security that the larger set of choices offers, whereby users believe their individual choice matters less in the face of the increased number of possibilities,” the authors write in the paper. In other words, a larger sense of perceived security makes us lazier in designing our own passcodes.

Another problem is how memorable the codes are. After setting up 2 x 2 knock codes, as many as 20% of participants couldn’t remember them just 10 minutes later. So knock codes are neither secure nor convenient.

Traditional passwords are by no means perfect either. Popular passwords can still be pretty predictable, and even if your password is novel, a hacker might still access it through an all-too-common data breach. But researchers concluded that a four- or six-digit PIN is all around better than a tap code. Because sometimes a design that’s promising on paper just doesn’t make that much practical sense once real humans get involved.

Translated from: https://medium.com/fast-company/this-technique-was-supposed-to-replace-passwords-turns-out-its-surprisingly-easy-to-hack-14555228cb67
