Let me hazard a wild guess: the system of passwords you use on the internet – for accessing online banking, email, shopping sites, Twitter and Facebook accounts – is a mess.让我大胆猜测一下:你在互联网上用于的,用作采访网上银行、电子邮件、购物网站、Twitter和Facebook账户的密码系统是一团糟。You know perfectly well what you ought to be doing: for each site you visit, you should be choosing a different, complex sequence of letters, numbers and symbols, and then memorising it. (Thats rule number one of the conventional wisdom on passwords: never, ever write them down.) But you dont do this, because you werent blessed with a brain thats capable of such feats.你几乎告诉自己应当怎么做:你所采访的每个网站,你都应当自由选择一个由字母、数字和符号构成的有所不同且简单的序列,然后忘记它。(这是关于密码常规智慧的第一原则:总有一天不要把它们写出下来。)但你会这样做到,因为你无福享有不具备此类技能的大脑。
So instead you use the same familiar words for every site – your dogs name, the name of your street – with occasional ingenious permutations, such as adding 123 at the end. Or maybe you do try to follow the rules, in which case youre probably constantly getting locked out of your bank account or trying to remember the answers to various absurd security questions. (What was your favourite sport as a child?) And things are getting worse: these days, you find yourself forced to choose passwords with both upper- and lower-case letters, and what normal human being can remember multiple combinations of those? Not you, thats for sure.因此,你每一个网站都用于某种程度熟知的单词——你家狗的名字、你家街道的名字 ——有时候精妙的排序一下,如结尾特个“123”。或者,或许你的确尝试了遵循这样的规则,某些情况下,你有可能总是进不了你的银行帐户或企图忘记各种可笑的安全性问题的答案。
(“你小时候最喜欢的运动是什么?”)事情显得更加差劲:这些天,你不会发现自己要不得不自由选择大写和小写字母构成的密码,哪个正常人可以忘记这样的多个人组?不是你,这是认同的。One reason not to feel too guilty about your bad password behaviour is that it seems to be almost universal. Last month, an analysis of leaked pin numbers revealed that about one in 10 of us uses 1234; a recent security breach at Yahoo showed that thousands of users passwords were either password, welcome, 123456 or ninja. People choose terrible passwords even when more is at stake than their savings对于自己的差劲密码不道德不必深感过于愧疚的一个原因是它样子是完全广泛的。上个月,外泄的密码分析表明,我们中约有十分之一的人用于“1234”,雅虎最近的安全漏洞指出,成千上万的用户密码不是password、 welcome、123456 就是ninja.即使他们的财产不会面对更好的风险,人们还是自由选择差劲的密码。
Password hacking takes many different forms, but one crucial thing to understand is that its often not a matter of devilish cunning but of bludgeoning with brute force.密码黑客不会采行多种不同的形式,但要明白关键的一件事是,它一般来说不是恶魔般的阴险,而是蛮力的用于。This is where the length of your password makes an almost unbelievable difference. For a hacker with the computing power to make 1,000 guesses per second, a five-letter, purely random, all-lower-case password, such as fpqzy, would take three and three-quarter hours to crack. Increase the number of letters to 20, though, and the cracking time increases, just a little bit: its 6.5 thousand trillion centuries.你密码的长度可以产生完全令人难以置信的差异。对于黑客的计算能力,每秒1000次猜测, 5个字母、几乎随机、仅有小写的密码,如“fpqzy”,只要花费3小时45分钟来密码。
把字母数减少到20,只是一点点,但密码的时间减少:这将是6500万亿个世纪。Then theres the question of predictability. Nobody thinks up passwords by combining truly random sequences of letters and numbers; instead they follow rules, like using real words and replacing the letter O with a zero, or using first names followed by a year. Hackers know this, so their software can incorporate these rules when generating guesses, vastly reducing the time it takes to hit on a correct one. If you think youve got a clever system for coming up with passwords, the chances are that hackers are already familiar with it.这样就有可预测性的问题。没有人想要出有密码是由字母和数字确实随机人组的序列;忽略,他们遵守规则,像用于确实的单词和用“zero”更换字母“O”,或在名字后面再加年份。
黑客们告诉这一点,所以他们的软件在展开猜测时可以相容这些规则,大大减少了中奖准确答案所花费的时间。如果你指出你早已有了一个想要出有密码的聪慧方法,很有可能黑客们早就熟知它了。The least hackable password, then, would be a long string of completely random letters, numbers, spaces and symbols – but youd never remember it. However, because length matters so much, the surprising truth is that a longish string of random English words, all in lower case – say, awoken wheels angling ostrich – is actually much more secure than a shorter password that follows your banks annoying rules, such as M@nch3st3r. And easier to remember: youve already formed a memorable image of some noisy wheels waking up an ostrich fishing by a riverbank, havent you?那么最不更容易被密码的密码,将是由几乎随机的字母、数字、空格和符号构成的一串很长的字符- 但你总有一天记不住它。
然而,因为长度那么最重要,令人惊艳的真凶是,一串随机英语单词构成的长长的字符,仅有是小写字母——写出着“苏醒车轮钓鱼乱世者”——只不过比你遵循银行无聊的规则设置的短密码更为安全性,如“M @ nch3st3r”。而且更容易忘记:你早已构成了一个感人的印象,一些吵杂的车轮吵醒乱世的人在河边钓鱼,是不是?One day, we may not have to worry about any of this: there are innovations in development that might replace passwords entirely. Touchscreens could be configured to detect subtle aspects of your interactions with your computer – the distances between your fingers, the speeds at which you tap and scroll.有一天,我们有可能不必再行担忧这些:发展的创意可能会几乎代替密码。触屏可以配备得找到你和你电脑之间错综复杂的对话——通过你手指之间的距离、你点字和滑动的速度。
本文来源:bob官方网站-www.oneillsgardenland.com