Passphrases: Passwords You Won't Forget
(Fortune China) Translator: 严匡正
Everyone knows passwords are a pain. The current system is broken because it asks users to remember a weird jumble of letters, numbers, and special characters—say “Mercede$7”—for dozens of different websites.

This is a problem because: 1) normal people struggle to recall weird words that contain numbers and symbols; and 2) hackers can often anticipate the common way we add a single letter or character (such as $ for “S”) to a password, making it easier to guess.

The good news is there’s another approach. It relies on so-called “passphrases,” which are longer but much easier to remember. For instance, instead of Mercede$7, a user can create something like: iwanttodriveaMercedesthroughthestreetsofBerlin

The longer password is effective for the simple reason that it contains more variables. As the Washington Post reports, the practice is getting support from academic research:

A series of studies from Carnegie Mellon University confirmed that passphrases are just as good at online security because hacking programs are thrown off by length nearly as easily as randomness. To a computer, poetry or simple sentences can be just as hard to crack. Even better: People are less likely to forget them.

To create a passphrase, people should think of a whimsical situation or even a phrase invoking a pet peeve. On the other hand, it’s not a good idea to use popular song lyrics or pieces of poetry because it’s more likely hackers will try those first in any effort to “brute force” guess the password.

One catch, of course, is that many websites or organizations still prompt users to create the annoying, shorter passwords based on numbers and symbols—and may not allow passphrases, which are typically 16 to 64 characters long.

But the good news, as the Post reports, is that more institutions, even government ones, are coming around to the wisdom of passphrases as academic support grows.

In the bigger picture, passwords as a security feature are on borrowed time. Many experts believe, in the long run, passwords will come to be replaced with a host of biometric identifiers such as fingerprints, iris scans, or even body heat. Nevertheless, biometrics have limitations of their own.

But in the meantime, more consumers will get the opportunity to replace all those irritating passwords with something they might actually remember.
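The length-versus-substitution argument above can be turned into a password-policy check. This is an added example, not part of the original article; the word lists, the substitution table and the 16-character minimum (taken from the low end of the article's passphrase range) are assumptions.

```python
import math

# Constructed sample lists; a real deployment would load large breach/lyrics corpora.
COMMON_WORDS = {"mercedes", "password", "football"}
KNOWN_PHRASES = {"twinkletwinklelittlestar"}  # stands in for lyrics and poetry
# Substitutions attackers anticipate, such as $ for S (table is an assumption).
SUBSTITUTIONS = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l", "3": "e"})
MIN_LENGTH = 16  # low end of the article's 16-to-64 passphrase range

def brute_force_bits(secret):
    """Upper bound on the brute-force search space: length * log2(alphabet)."""
    alphabet = 0
    if any(c.islower() for c in secret):
        alphabet += 26
    if any(c.isupper() for c in secret):
        alphabet += 26
    if any(c.isdigit() for c in secret):
        alphabet += 10
    if any(not c.isalnum() for c in secret):
        alphabet += 33  # printable ASCII symbols plus space
    return len(secret) * math.log2(alphabet) if alphabet else 0.0

def policy_findings(secret):
    """Return the reasons a candidate secret should be rejected (empty = accept)."""
    findings = []
    if len(secret) < MIN_LENGTH:
        findings.append("too short")
    # Drop appended digits/punctuation, then undo substitutions: Mercede$7 -> mercedes
    base = secret.rstrip("0123456789!.?").lower().translate(SUBSTITUTIONS)
    if base in COMMON_WORDS:
        findings.append("dictionary word with predictable substitutions")
    # Compare letters and digits only, so spacing and case do not hide a known phrase.
    squeezed = "".join(c for c in secret.lower() if c.isalnum())
    if squeezed in KNOWN_PHRASES:
        findings.append("well-known phrase")
    return findings

if __name__ == "__main__":
    for candidate in ("Mercede$7", "Twinkle twinkle little star",
                      "iwanttodriveaMercedesthroughthestreetsofBerlin"):
        print(f"{candidate!r}: {brute_force_bits(candidate):.0f} bits max,",
              policy_findings(candidate) or "accepted")
```

The bit count is an upper bound for blind brute force only: a sentence built from ordinary words is less random than its length suggests, which is why the known-phrase check runs alongside the length check.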