ac管理器管理员密码忘记了
There’s no shortage of articles around data breaches that include email and password addresses. And when you consider that over half of Internet users use the same password for all of their accounts, you have a recipe for personal disaster.
关于数据泄露的文章不乏不足,包括电子邮件和密码地址。 而且,当您考虑到超过一半的Internet用户对他们的所有帐户使用相同的密码时,便会造成个人灾难。
The hardworking people over at HaveIBeenPwned keep track of these breaches, collect as much of the breach data as possible, and then allow you to check to see if your email address has been part of one (or a lot!) of them. If the username and password show up on the list and you know they are the same as other accounts, you can bet that the infamous “dark web” will be trying to get in other places as well.
HaveIBeenPwned的勤奋工作人员会跟踪这些违规行为,收集尽可能多的违规数据,然后让您检查一下您的电子邮件地址是否属于其中一个(或很多!)。 如果用户名和密码显示在列表中,并且您知道它们与其他帐户相同,那么您可以打赌臭名昭著的“黑网”也将尝试进入其他位置。
The best defense is to limit the exposure to these breaches, so that one compromised account doesn’t impact any of your other accounts. Coming up with new, unique, passwords is a pain, and storing them securely is another issue. Enter password managers.
最好的防御方法是限制这些违规行为的风险,以使一个被盗帐户不会影响您的其他任何帐户。 提出新的,唯一的密码是很痛苦的,安全地存储它们是另一个问题。 输入密码管理员。
密码管理器有什么大惊小怪的 (What’s all the fuss over password managers)
Password managers create long, complex passwords that you’ll never need to remember. They store these passwords in an encrypted container, kept secure by a password only you know (we’ll get to that later). In addition to storing passwords, these containers can store secret questions, account numbers, and all sorts of vital information you need on a periodic basis. They take time to set up, but relieve a lot of the headache of proper account management.
密码管理器会创建冗长而复杂的密码,您无需记住它们。 他们将这些密码存储在加密的容器中,只有您知道的密码才能保证其安全(我们稍后会介绍)。 除了存储密码外,这些容器还可以定期存储秘密问题,帐号和您需要的各种重要信息。 他们花了一些时间来设置,但减轻了适当帐户管理的许多麻烦。
步骤1:选择一个密码管理器 (Step 1: Pick a password manager)
A lot of selecting a password manager comes down to cost and features that you’re looking for. Some of the larger players in this space:
选择很多密码管理器取决于您要寻找的成本和功能。 这个领域的一些较大的参与者:
1Password —Started out with a lot of iOS and macOS integrations, but has full support for all the major platforms.
1Password —从许多iOS和macOS集成开始,但对所有主要平台均提供全面支持。
LastPass — Another popular cloud-based choice, though with some pervious issues with weaknesses in their code.
BitWarden — An open source, free, platform that can also provide additional features for an annual cost.
BitWarden —一个免费的开源平台,该平台还可以提供额外的功能,需要每年支付费用。
KeePass — Another open source contender that keeps the data on your local device, and requires another method to sync across all platforms.
KeePass-另一个开源竞争者,它将数据保存在本地设备上,并需要另一种方法在所有平台之间进行同步。
Pick one that suits your needs and your wallet, and move on to step 2.
选择一个适合您的需求和您的钱包,然后继续执行步骤2。
步骤2:设定主密码 (Step 2: Set a master password)
You need to come up with your master password, the one that will protect all the others. Make it good! The best password is one that is long, but that you can remember. Most people have several passwords that they have used across their accounts. One tip is to take all of these passwords, put a “!” or a “$” between them and voila, a long, secure password that’s easy to remember. Pick a favorite sports team, tack it on the end, just to make sure it’s new. When a password is really long, a lot of what you have been told to avoid goes out the window.
您需要输入您的主密码,该密码将保护所有其他密码。 做得好! 最好的密码是长密码,但您可以记住。 大多数人在自己的帐户中使用了多个密码。 一个提示是使用所有这些密码,并在输入“!” 或者在他们和voila之间加一个“ $”,这是一个很容易记住的长而安全的密码。 选择一个最喜欢的运动队,最后确保它是新的。 当密码确实很长时,您会被告知要避免的许多事情都消失了。
If you choose a password manager that allows for multi-factor, be sure to set it up as well, as this will bolster the security of your manager.
如果选择允许多因素使用的密码管理器,请确保也进行设置,因为这将增强管理员的安全性。
步骤3:开始迁移 (Step 3: Start the migration)
You have a nice, shiny, empty password file, and now you need to fill it up! Find some sites that you don’t use as much and not as important to your social and financial well-being. While less important to put behind a secure password, it’s a good way to get your feet wet without locking yourself out. Log in using your normal password and change the password using one generated by your password manager. Length and complexity are up to you, and most software will tell you how secure your password settings are. Start out with 20 characters and alphanumeric, and you should have something that is secure, but easy to read if you need to.
您有一个漂亮,闪亮,空的密码文件,现在您需要填写它! 查找一些您不经常使用且对您的社会和财务状况不太重要的网站。 尽管放下安全密码不太重要,但是这是一种让自己湿透而又不会锁定自己的好方法。 使用常规密码登录,然后使用由密码管理器生成的密码更改密码。 长度和复杂程度取决于您,大多数软件会告诉您密码设置的安全性。 以20个字符和字母数字开头,您应该拥有一些安全的东西,但是如果需要的话,它应该易于阅读。
Don’t cheat! If you log into a site with a password you know, your first trip is to the account settings to change it.
不要作弊! 如果使用您知道的密码登录到站点,那么您的第一趟就是通过帐户设置进行更改。
This is also a great time to double check that each account is using the correct email address, to unsubscribe from any newsletters you no longer want, and to update mailing addresses.
这也是一个很好的时间,可以仔细检查每个帐户是否使用了正确的电子邮件地址,退订不再需要的新闻通讯以及更新邮寄地址。
第4步:沐浴在安全的新世界中,然后重新开始 (Step 4: Bask in your secure new world, and then start all over again)
Microsoft and NIST have made headlines in the past few years as they start recommending companies shy away from forcing users to change their passwords every 90, 180, or 365 days as it may do more harm than good. While it may be tempting to set it and forget it, take the time periodically to change the master password and the passwords for your financial, health, and email accounts to ensure that if they were compromised, they’ve been changed.
在过去几年中, Microsoft和NIST成为头条新闻,因为它们开始建议公司避免强迫用户每90、180或365天更改一次密码,因为这样做弊大于利。 虽然可能会很想设置并忘记它,但还是要花一些时间定期更改主密码以及您的财务,健康和电子邮件帐户的密码,以确保如果这些密码被泄露,它们已经被更改。
Password management is a great example of where a little work goes a long way. Take the time to set it up, and you’ll feel in much better shape for the next breach.
密码管理是完成大量工作的一个很好的例子。 花些时间进行设置,下一次突破时您会感觉更好。
关于KeePass工作流程的注释 (A note on my KeePass workflow)
When I went the password manager route several years ago, I ended up with KeePass on my laptop, phone, and work computer. I liked the ability to control the file entirely, and that it was free. Syncing is performed by storing the KeePass file on my Box drive. The password protecting the file is long enough that it will be safe until quantum computing really ramps up, and it is paired with a key file that is kept separate on each individual device. All in all, it’s a risk I’m willing to take.
几年前,当我进入密码管理器路线时,最终在笔记本电脑,电话和工作计算机上安装了KeePass。 我喜欢完全控制文件的功能,而且它是免费的。 通过将KeePass文件存储在Box驱动器中来执行同步。 保护文件的密码足够长,以至于在量子计算真正发展之前它是安全的,并且与在每个单独设备上保持独立的密钥文件配对。 总而言之,这是我愿意承担的风险。
In researching this post I spent some time taking a look at BitWarden, and think that will be worth kicking the tires. If I am able to elevate my homelab in a way to run it locally, it might take over for KeePass.
在研究这篇文章时,我花了一些时间看一下BitWarden,并认为这值得一试。 如果我能够通过某种方式提升我的家庭实验室以在本地运行它,那么它可能会取代KeePass。
翻译自: https://medium.com/swlh/you-need-a-password-manager-1a74615ce372
ac管理器管理员密码忘记了
6322
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
