2018's Worst Passwords: “123456” Still Ranks First, “donald” Makes the List
(Fortune China) Translator: Charlie. Reviewer: Xia Lin.
“Donald” has joined a new list. Not of world leaders, but of “worst passwords.” The password-management firm SplashData released its annual list of the 100 worst character combinations it found among leaks of about five million passwords.

“Donald” entered the list at position 23. You’ll also find “qwerty” (#9), “password” (#2), and “baseball” (#32). The worst of the worst passwords? “123456,” which has been sitting on top of the worst password chart for five years running.

Bad passwords are short, easily guessed, often contain words or common abbreviations, and are used by many other people. If one of yours is on the list, the right time to change it is right now.

What’s a strong password? It’s uniquely created for each site, it’s relatively long, and it’s not a common phrase or sequence. Many experts now recommend a password made up of a few words that are picked at random, a technique popularized by Diceware. While this may seem counter-intuitive—couldn’t automated software just try all those words?—the large number of combinations and the total length of the password make it as hard to break as a shorter sequence that is impossible to type or remember.

Password-management software can generate strong passwords according to any desired recipe, and it’s one reason SplashData promotes its list. Competitors abound, including built-in support across Apple’s and Google’s hardware, software, and browsers—iOS, Safari, and iCloud for Apple and Android, Chrome, and other apps for Google—as well as 1Password, Dashlane, and LastPass.

With over 5.6 billion accounts leaked over the last several years, according to the password-breach notification site Have I Been Pwned, researchers have been able to take a good look at the problem.

Security experts recommend that Web sites not allow users to create easily cracked passwords, but some sites prefer not to deter account creation by requiring something strong.

However, other sites have complex password-formulating requirements—like a mix of upper and lower case, one number, and one symbol—that can lead people to pick “Password1!”, which is only slightly harder for intruders to decipher than “password”.

In many databases, about 50% of users rely on one of a handful of passwords. Hackers can crack those simple passwords and easily gain access to millions or tens of millions of accounts. With many users sharing the same weak password across multiple services, a single breach can jeopardize their accounts at many different sites and services.
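
An added example (not from the article or SplashData): a sign-up check that shows why the composition rule described above accepts “Password1!” while a normalized blocklist lookup rejects it. The blocklist holds only the five passwords the article names; the function names, the substitution table and the sample passphrase are assumptions made for illustration.

```python
import re

# Constructed sample blocklist: only the entries the article names.
# A real deployment would load a full breached-password list instead.
WORST = {"123456", "password", "qwerty", "donald", "baseball"}

# Assumed table of common character substitutions, undone before lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s"})


def meets_composition_rule(pw):
    """The rule from the article: upper case, lower case, a digit, a symbol."""
    patterns = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")
    return all(re.search(p, pw) for p in patterns)


def candidates(pw):
    """Forms of pw to look up: as typed (lowercased), with leading and
    trailing digits/symbols stripped, and each with substitutions undone."""
    lowered = pw.lower()
    # "password1!" -> "password", "p@ssw0rd1!" -> "p@ssw0rd"
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    return {lowered, core, lowered.translate(LEET), core.translate(LEET)}


def is_blocklisted(pw):
    """True when any normalized form of pw is on the blocklist."""
    return bool(candidates(pw) & WORST)


def review(pw):
    """Return (passes composition rule, is blocklisted) for a candidate."""
    return meets_composition_rule(pw), is_blocklisted(pw)


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("password", "Password1!", "D0nald!", "123456",
               "maple-orbit-cactus-seven"):
        rule_ok, blocked = review(pw)
        print(f"{pw!r:28} composition rule: {rule_ok!s:5}  blocklisted: {blocked}")
```

The composition rule passes “Password1!” and fails the four-word passphrase, while the blocklist lookup does the opposite, which is the mismatch the article points out.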