SQT: Choosing a Password sqt :选择一个密码
July 5th, 2008 · by David Bradley 2008年7月5日由大卫布拉德利
What’s the best password to use for your login?什么是最好的密码才能使用,为您的登录? You wouldn’t use any of the following would you?你不会使用下列任何你会吗?
Your partner’s name您的伙伴的名称
Your child’s name您孩子的姓名
Your pet’s name您的宠物的名字
Any of the last digits from your social security number任何最后的数字,从您的社会安全号码
123456
“password” “密码”
Your city您的城市
Your college您的大学
Your football team您的足球代表队
Your date of birth您的出生日期
Your partner’s date of birth你的伴侣的出生日期
Your child’s date of birth您的孩子的出生日期
“god” “上帝”
“letmein” “ letmein ”
“money” “钱”
“love” “爱”
Surely not?当然不是? Well some of you may do, as these are, according to以及你们有些人可能这样做,因为这是根据 IT Security IT安全 , among the most popular passwords. ,其中最受欢迎的密码。
For inspiration on how to come up with some that’s less easy to guess or ascertain, check out my灵感就如何想出一些认为的那么容易猜到的或确定,检查出我的 passwords for scientists密码科学家 post and my邮政和我 making your passwords stronger使您的密码更强 item.项目。
6 responses so far ↓六月的反应,到目前为止↓
Pachecus pachecus // / / Jul 6, 2008 at 1:32 am 2008年7月6日在上午01时32分
good points… my pass is xxxxxxxxxxx lol好点…我的通过是xxxxxxxxxxx lol
Pachecuss last blog post.. pachecuss最后的博客帖子.. One Year With Gmail Blog一年与Gmail博客
David Bradley 大卫布拉德利 // / / Jul 6, 2008 at 8:10 pm 2008年7月6日在下午8时10分
Good one!好一个!
Ari Herzog 急性呼吸道感染赫尔佐克 // / / Jul 7, 2008 at 9:13 pm 2008年7月7日在下午9点13分
Do you remember the 1987 film,你还记得1987年的电影, Spaceballs spaceballs ? ?
In one scene, Dark Helmet incredulously exclaims that only an idiot would use the combination, 12345, on his suitcase lock; and by the next scene, we learn that President Skroob uses that very sequence on his luggage.在另一个场景中,黑暗的头盔incredulously exclaims ,只有白痴,会使用相结合, 12345 ,对他的行李箱锁;和由下现场,我们了解到,总统skroob的用途非常序列对他的行李。
If Hollywood can make us laugh about it, it’s no wonder that real people use similarly inane words for their computer passwords.如果好莱坞可以使我们笑约,这是不奇怪的,真正的人使用同样inane换句话说,他们的电脑密码。
This brings up a tangent, though: I frequent many websites, each requiring a password.这带出了一个切线,虽然:我经常有很多网站,每一个要求输入密码。 I keep a Notepad file on my laptop in a personal folder that lists every user/pass combination, along with what email address (if applicable) is linked to that username (in case my password is wrong).我一直一个记事本文件中对我的笔记本电脑在个人文件夹,列出每个用户/通过组合,随着什么的电子邮件地址(如适用)联系该用户名(在案件我的密码是错误的) 。
I also use Firefox, which remembers passwords.我也使用Firefox ,记得的密码。 Usually.通常。
I use a different password for each email address, bank account, etc. But for many sites (social media, for instance), the password is the same.我使用不同的密码,为每一个电子邮件地址,银行帐户等,但许多网站(社会媒体,例如) ,密码是相同的。 Should it be different?应否不同?
David Bradley 大卫布拉德利 // / / Jul 8, 2008 at 7:46 am 2008年7月8日在上午07时46分
Yeah, Spaceballs…I’d forgotten that movie.是啊, spaceballs … …我要忘记的电影。 Good call.良好的通话。
I think you’re leaving yourself wide open to all kinds of ID theft problems should your laptop ever be stolen.我觉得您离开自己的广泛开放给所有种身份盗窃问题,应您的笔记型电脑都被偷走。 Even if you’ve encrypted that Notepad file (you have, haven’t you) and you’re using a Firefox master password, I think it would be a trivial matter to crack both unless you’ve got something very strong in place.即使您已经加密的记事本文件中指出, (你有,没有你)和您使用的是Firefox的主密码,我认为那将是一个非同小可,打击都除非您有一些很强烈的在地方。
I’d not recommend keeping an electronic copy of a password list on your premises at all.我要建议不要保存电子版的密码列表,即可在所有的处所。 Do an encrypted unlabeled backup and store it offsite.做一个加密标签的备份和储存外。
And, definitely choose a different password for each SM site.和,一定选择一个不同的密码为每个钐网站。 If just one of those sites were broken into and all passwords laid bare, I think the chances of the thief trying all the password combos on other sites is quite high.如果只是其中之一,这些网站被打破,成为和所有密码戳穿,我认为机会小偷试图所有的密码组合在其他网站上是相当高的。
Ari Herzog 急性呼吸道感染赫尔佐克 // / / Jul 8, 2008 at 2:23 pm 2008年7月8日在下午2时23分
Ironically, David, after I posted the above and before I saw your reply I googled for suggestions and stumbled upon讽刺的是,大卫后,我张贴了上述之前,我看到您的回复I googled的建议和偶然发现 this clever way这个聪明的方法 to remember passwords.要记住密码。 Which I’m in the process of overhauling to all of my sites.而我在这个过程中的检修,以我所有的网站。
In essence, I now use a alphanumeric non-Dictionary phrase, eg Qwerty11, as the root.在本质上,我现在使用的字母数字非字典的词组,例如qwerty11 ,作为根。 Then sites requiring password cause new characters, eg a password for Digg might be Dqwerty11g, though with specific letters capitalized and lowercased.然后网站需要密码事业的新特点,例如密码digg可能dqwerty11g ,虽然具体的字母大写和lowercased 。
I keep a different format for my email address passwords and personal finance passwords.我不断的格式不同,为我的电子邮件地址的密码及个人财务的密码。
Ari Herzogs last blog post..急性呼吸道感染herzogs最后的博客帖子.. Economic Woes Aside, Rock & Roll Music Should Never Die经济困难之外,摇滚音乐应该永远不死
David Bradley 大卫布拉德利 // / / Jul 8, 2008 at 3:52 pm 2008年7月8日在下午3时52分
yeah, there are certainly lots of methods out there, based on an intracranial algorithm of some sort.是啊,当然有很多的方法有,基于对颅内算法某种形式的。 In the past I suggested在过去的,我建议 passwords for scientists密码科学家 . 。 But, key to security is to test the strength of any passwords you come up with.但是,关键是要安全测试的力量,任何密码,你来了。 I was quite surprised at how one test rated a password I thought was strong as only 3/10…quickly changed that.我很奇怪,怎么一测试评价一个密码,我以为是强烈,因为只有3 / 10 …迅速改变了这一点。
Leave a Comment留下意见