What are Passwords?
Passwords are strings of characters used to authenticate computer system users.
Computer users are normally asked to enter their username (or login name) and their password (or passphrase) before they are given access to a system.
If the person knows the username and the password, the computer system trusts that they are the account owner and grants them access to their data.
Selecting a good password
Choosing a good password is critical for personal security, because it forces password crackers to spend additional time and resources to get access to your personal information and computer credentials. A poor password creates a false sense of security, and may endanger your personal information, your access to computer resources, or even allow another individual to launch attacks and viruses using your personal credentials.
Password Construction
Password crackers have many tools at their disposal to cut down the amount of time it takes to crack your password. Selecting a secure password will help to ensure that the password cracker must take as much time as possible to guess or otherwise identify your password. No password is ultimately secure, but if it takes the password cracker longer to crack the password than it takes for the password to become useless, you will have succeeded in thwarting the cracker's attack.
Insecure methods
- Passwords should not be created using personal information about yourself or your family. A password cracker with an incentive to break your personal password will use this information first, making these the least secure passwords. Examples of bad passwords of this type are: your name, birthplace, nickname, family name, names of pets, street address, parents' names, names of siblings and the like.
- Passwords should not be formed of words out of any dictionary or book. Longer words do not generally add much protection. Using known words in any language allows the password cracker to take shortcuts in his password cracking schemes, allowing him to guess your password in a very small fraction of the time it would take otherwise. Examples of bad passwords of this type are: dragon, secret, cheese, god, love, sex, life and similar words.
- Passwords should not be composed of proper nouns of places, ideas, or people. These words are commonly found in password cracker databases. Examples are: Jehovah, Tylenol, edutainment, Coolio, beesknees, transformers.
- Passwords should not be simple variations of words. Although these passwords don't appear in a book or dictionary, it is a simple matter to generate a replacement word list automatically. These passwords are more secure than the above two examples, but not significantly more secure. Examples of passwords of this type are drowssap, l0ve, s3cr3t, dr@gon, and similar word-like terms.
- Passwords should not be a concatenation of two words that commonly follow each other in a sentence. These passwords are more secure than the above password concepts, but still fall far short for password security. Examples of these kinds of passwords are: whatfor, divineright, bigpig, ilove, farfetched, catspajamas.
- Do not reuse recently used passwords. If you find it difficult to pick a new password, you should wait until you have changed your password at least 5 times before reusing an old password, or 12 months if password changes are common.
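The shortcuts listed above can be checked mechanically before a password is accepted. This is an added example, not code from the original article; the dictionary and the personal-information list are constructed stand-ins for a real cracking word list and for what is known about one fictitious user.

```python
"""Checker for the 'insecure methods' above: it undoes the cheap tricks a
cracker tries first (case, letter/number substitution, reversal, two joined
words, personal details). Added example, not from the original article;
the word list and personal-information list are constructed stand-ins."""

# Constructed stand-in for a cracking dictionary (real ones hold millions).
DICTIONARY = {"dragon", "secret", "cheese", "god", "love", "sex", "life",
              "password", "what", "for", "divine", "right", "big", "pig",
              "i", "far", "fetched", "cats", "pajamas", "jehovah", "tylenol"}

# Constructed details for a fictitious user; a real check would take these
# from the account profile (name, pets, street, relatives, birthplace).
PERSONAL = {"alice", "springfield", "rex", "maple"}

# The substitutions that turn 'secret' into 's3cr3t' and 'dragon' into 'dr@gon'.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s",
                               "!": "i"})


def canonical_forms(password):
    """Every cheap transformation a cracker undoes before a dictionary lookup."""
    base = password.lower()
    undone = base.translate(SUBSTITUTIONS)
    return {base, undone, base[::-1], undone[::-1]}


def is_two_word_join(word, words):
    """True if the word splits into two dictionary words ('what' + 'for')."""
    return any(word[:i] in words and word[i:] in words
               for i in range(1, len(word)))


def weak_reasons(password, words=DICTIONARY, personal=PERSONAL):
    """Return the rules from the list above that the password violates;
    an empty list means none of these shortcuts applies to it."""
    reasons = []
    if len(password) < 8:
        reasons.append("too short")
    forms = canonical_forms(password)
    if any(p in form for p in personal for form in forms):
        reasons.append("contains personal information")
    if forms & words:
        reasons.append("dictionary word or simple variation of one")
    elif any(is_two_word_join(form, words) for form in forms):
        reasons.append("two dictionary words joined")
    return reasons
```

Run against the article's own examples, "drowssap" and "s3cr3t" are flagged as variations of dictionary words, "catspajamas" as two joined words, and the acronym-style password from the section below passes all four checks.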
Secure methods
- Always change your password immediately if you feel that your password has been compromised. Always do this directly. Never follow links sent to you in email, through an instant messenger client, or from a phone call you received. Ask for administrative assistance if you have trouble changing your password.
- Do not write your password down where others may find it. If you must write it down, ensure it is in a locked location that is only accessible to you. Hiding your password in places you feel it is unlikely to be found is not helpful. Password crackers have a criminal mind, and generally know where to look.
- It is important that you change your password on a regular schedule, at least every six months. This assists you by throwing off any cracking efforts that might be in progress but have not yet been completed. It also helps you if you have somehow compromised your password in some other way without knowing it.
- Select passwords that use a mixture of capital letters, numbers, and special characters. Take heed, however: some systems do not allow you to use some or any special characters. Make sure you check the password criteria for the system you are using ahead of time, if possible.
- Use substitution of numbers for letters and letters for numbers in your passwords. Although this is not a primary method of securing your password, it will add another layer of security on top of a good password, and will prevent the accidental guess of your password due to circumstances.
- Where it is not possible to use many characters in your password (less than 14), it is advisable to create a password by creating a passphrase and selecting letters in a specific position in each word. An example of this is "jJjshnImn2". As you notice, it's unlikely that any cracker would guess this password; however, it is easy to remember when you note the passphrase "John Jacob Jingleheimer Schmidt, his name is my name too". Notice the use of number substitution and capitalization in the password.
- The best passwords are complete phrases, if the system will allow them. They are sometimes called "passphrases" in reflection of this. For example, a good passphrase might be "I clean my Glock in the dishwasher." You can use number and letter substitution on passphrases as well. Longer passphrases generally mean better password security.
Password Secrecy
Passwords are useless if they are given to anyone other than their intended users. Below is a list of methods to keep your passwords private.
- If you have a large number of passwords to remember, or you don't feel you can remember important ones, you can use your computer to assist you in the storage of passwords. You can encrypt your password list with an acceptable master password using reliable encryption software. Many password managers are available for this purpose. For experienced users, GNU Privacy Guard and Pretty Good Privacy are free for individual use. Ensure you know how to use encryption properly; improper use of encryption technologies may defeat the whole purpose of using encryption in the first place. Seek help from an encryption expert, or purchase commercial encryption software, if understanding is not forthcoming. Do not store your encrypted passwords, or your encryption keys, somewhere that another person may gain access to them.
- Refrain from using the same password on multiple systems, especially systems that do not serve the same function. Never use passwords you use on Internet forums, games, websites, or elsewhere for any important password. It is trivial for the owners of these systems to extract your passwords if they are willing.
- Never tell another a password through e-mail, instant messenger clients, chat rooms, forums or other shared environments. These conversations are almost never entirely private. Do not tell someone your passwords over a cell phone or cordless telephone, as these are insecure mediums for conversation and may easily be monitored. If you must tell someone a password over a telephone land line, make sure the party you are speaking with is the only listener. You may want to validate that additional parties are not listening in by calling the original party on a number you know is owned by them.
- Do not use shared passwords unless it is entirely unavoidable. Passwords shared between multiple users prevent the determination of which user performed which actions.
- Of course, never tell your passwords to anyone. Once you tell someone else your password, you no longer have control over the scope of password knowledge. If you absolutely must share your account access to a computer system, change the password to a new password first before sharing it, and then change the password back to its original form once the other users are done performing the necessary work.
Two-Factor Authentication
The original password concept has been proven to be insecure. There have been cases where passwords have been compromised without a user's knowledge, through coercion, or because they were conned into revealing it. The core problem with legacy passwords is that it is very difficult or impossible for an administrator or a computer system to differentiate between a legitimate user and an illegitimate user gaining access through the same password. Because of this inherent flaw in the original password system, Two-Factor Authentication was invented.
A password is "something you know." This information is understood to be known by a single individual. Two-factor authentication systems add another factor, "something you have": an electronic card key, electronic token, dongle, fob or some other physical item you keep in a secure place when not in use. A common stand-in replacement for this second factor when higher levels of security are needed is "something you are". A biological fingerprint, retina pattern, a person's weight, specific vital signs or a combination of these items is used in place of the electronic device. The biological factor for authentication and authorization has been found to be unreliable, not in that it permits those who should not be permitted when used properly, but because it has a tendency to deny legitimate users access due to sickness, physical body changes, or other physical impairments.
There are two common methods of authentication when users use electronic components for two-factor authentication: response-only and challenge-response systems.
Response-only systems require a user to present their electronic device to an electronic reading system, or to enter data displayed on the electronic device without further user input. The user must provide a username or PIN that is not known to outsiders, and then enter the specific credential data generated by the electronic device when prompted. In many cases, this mechanism returns the user to single-factor authentication, where the user does not need to know something, but just possesses the item in question. An example of this is the standard electronic card key used to enter a facility or building perimeter. The user need not provide any other factor to prove their identity.
Challenge-response systems require the user to enter a specific passphrase or PIN into the electronic device first, before the device responds with the proper access credential data. This variant is always considered two-factor authentication, since the user must provide both "something they know" (the PIN) and use "something they have" (the electronic device).
Both the response-only and challenge-response systems can be defeated if the user both reveals the private information they keep secret, such as their username or PIN code, and the attacker takes ownership of the electronic device. Due to this weakness, the biological factor was invented.
Biological factors have been in use for several decades, and have proven to be reliable and secure ways to prevent unauthorized users from gaining access to secure systems or environments, regardless of the privacy of the passwords used. Systems monitor fingerprints, eye retina patterns, weight, ambient temperature, and other biological signs to determine the authenticity of the user requesting access. Movies have been touting methods of defeating these systems by cutting off body parts, using retinal masks, or forcing legitimate users into bypassing the authentication mechanisms for the attacker. These are largely Hollywood schemes and rarely work in the real world. In most cases where this level of security is required, local or remote monitoring of entry points through cameras and security personnel is common. Deadlock portals, remotely activated magnetically controlled entranceways, and visual identification are the norm.
Many simple methods have been devised to defeat weakly designed biological factor systems, so be sure you thoroughly test the security measures you plan to put in place before implementation.
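The difference between the two token modes described above, modelled in software as an added example (not code from the original article). It assumes a per-device secret shared between token and verifier, a PIN the token checks locally before answering, and a verifier that accepts each challenge only once; the names Token and Verifier are the example's own.

```python
"""Response-only versus challenge-response tokens, as an added example that
is not part of the article. The token and verifier share a per-device
secret; in challenge-response mode the token refuses to answer without the
correct PIN, so holding the device alone is not enough."""
import hashlib
import hmac
import secrets


class Token:
    """A hardware token modelled in software. The PIN is kept as a hash so a
    stolen device does not reveal it directly (constructed design)."""

    def __init__(self, device_secret, pin):
        self._secret = device_secret
        self._pin_hash = hashlib.sha256(pin.encode()).digest()
        self._counter = 0

    def response_only(self):
        """One-factor mode: a code derived only from the secret and an
        internal counter; anyone holding the device can read it off."""
        self._counter += 1
        return hmac.new(self._secret, self._counter.to_bytes(8, "big"),
                        hashlib.sha256).hexdigest()[:8]

    def challenge_response(self, pin, challenge):
        """Two-factor mode: the device checks the PIN locally and only then
        answers the verifier's challenge."""
        entered = hashlib.sha256(pin.encode()).digest()
        if not hmac.compare_digest(entered, self._pin_hash):
            return None  # device refuses; nothing usable leaves it
        return hmac.new(self._secret, challenge, hashlib.sha256).hexdigest()


class Verifier:
    """The server side: issues fresh random challenges, accepts each once."""

    def __init__(self, device_secret):
        self._secret = device_secret
        self._outstanding = set()

    def new_challenge(self):
        challenge = secrets.token_bytes(16)
        self._outstanding.add(challenge)
        return challenge

    def check(self, challenge, response):
        """True only for the expected answer to a still-open challenge; the
        challenge is consumed so a captured response cannot be replayed."""
        if response is None or challenge not in self._outstanding:
            return False
        self._outstanding.discard(challenge)
        expected = hmac.new(self._secret, challenge, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)
```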