(Password security)近年来,密码安全性有所改善。公司(Corporations)需要轮流使用新密码,而且您不能只用一个简单的八个字符的短语就可以过关。大写和小写字母(Upper and lowercase letters)、数字和符号已成为常态,但即便如此还不够(t enough)。
您不能为多个帐户使用相同的密码,以免因一次违规而危及所有帐户。每个密码都必须与其他密码一样安全。当您考虑所有这些不同的场景时,您应该如何跟踪这一切?
很简单:密码管理器(password manager)。KeePass、LastPass和 1Password等应用程序消除了密码安全方面的艰巨工作。您只需要一个安全的密码即可登录您的密码管理器帐户(password manager account)。该软件负责其余的工作。
这些应用程序会为您的每个帐户生成几乎牢不可破的密码,而且由于您不知道这些密码是什么——而且他们的实际身份是加密的——黑客无法通过您的密码管理器(password manager)访问(gain access)您的帐户。
听起来(Sound)有用吗?它是。关键是确定众多选项中的哪一个是您的正确选择。
1. KeePass(下载(Download))
KeePass在众多竞争中脱颖而出的原因有一个:它不是基于云的。许多KeePass 最坚定的拥护者认为(KeePass argue),将密码存储在云中,即使是通过密码管理器(password manager),也是自找麻烦。
KeePass不承担任何风险;它的数据库完全基于您的本地驱动器,尽管您可以通过使用Dropbox等服务在设备之间同步它。
KeePass以其他密码管理器的一些便利性换取完全的定制和灵活性(customization and flexibility)。例如,该服务是开源的。如果您仅根据 UI 的吸引力来比较经理,那么KeePass将排在最后。看起来并不漂亮,但它让用户可以更好地控制他们的密码和安全性。
KeePass不会牵着你的手(hand and walk)引导你完成整个过程,这让那些不熟悉技术的人有点害怕。但是,如果您喜欢技术并且乐于使用更复杂的系统,那么KeePass是一个绝佳的选择。事实上,我们有一个完整的记录,你可以在这里阅读。
要知道什么:(What
to know:)
- 适用于Windows、Mac、Linux、iOS、Android、Chrome等
- 更多的定制,但更少的便利
- 自由
2. LastPass(下载(Download))
LastPass像其他经理一样工作。您只需要一个主密码(master password),然后它会处理其余的事情。最(Best)重要的是,一旦您设置好程序(这个过程只需要几分钟),您就可以从各种浏览器中导入所有保存的密码,包括不太知名的浏览器,例如Opera。
导入这些密码后,
LastPass会提供有关如何从计算机中删除它们的说明。该软件还提供双重身份验证、信用监控(credit monitoring)和其他安全功能,从各个角度保护您。
免费版LastPass(LastPass)提供上述所有功能,但付费购买高级选项会带来更多选择。LastPass的高级版允许您在台式机和移动设备之间同步信息,从而将功能扩展到一系列设备。
当您在其他选项之上考虑此功能时,很难出错。需要记住的一个缺点是LastPass过去曾遭受过安全漏洞,但该公司从那时起在改进和消除任何其他漏洞方面做得很好。
要知道什么:(What
to know:)
- 适用于Windows、Mac、Linux、
Chrome
- 免费选项具有许多功能,但高级选项将其扩展到单个设备之外
- 过去(Has)曾有安全漏洞
3. 1Password(下载(Download))
1Password 不仅仅是一个密码管理器(password manager)。在存储您的用户名和密码(username and password)的同时,它还提供了一个密码生成器(password generator),可以创建不受字典和暴力攻击的安全登录信息。(login information)
1Password 还具有“瞭望塔”功能(” feature),可监视流行网站上的攻击,并警告您任何已知的、持续的违规行为。还有一个数字钱包可以让用户存储信息(store information),并且开发人员已经向任何能够破解其加密的人提供了赏金。如果这不能证明他们的信心,我(t speak)不知道会怎样。
1Password 不是免费的,但每月只需 2.99 美元。您可以通过每年支付订阅费(subscription fee)来节省几美元。虽然该程序曾经收取一次性费用,但只要您订阅,这个月度价格就可以让您访问所有功能。
不用担心 - 即使您取消订阅,您的数据仍然是安全的。您可以通过您选择的任何方法在设备之间同步您保存的信息,但该公司特别概述了与Dropbox 和 iCloud(Dropbox and iCloud)的兼容性。
要知道什么:(What
to know:)
- 适用于Windows、Mac、iOS、
Android
- 需要每月订阅 2.99 美元
- 监控功能让您随时了解持续的安全威胁
4. Dashlane(下载(Download))
就功能而言, Dashlane(Dashlane)可能是LastPass最接近的竞争对手,但有一个明显的缺点会降低其整体评分:价格。
Dashlane每年的价格从 40 美元到 60 美元不等。虽然它有一个功能丰富的免费版本,但付费版本包括使密码管理器(password manager)真正有用的大部分功能,比如跨设备同步。
Dashlane确实为您提供了密码生成器、虚拟钱包和加密的自动填充功能。虽然在成本效益基础上可能不像LastPass(LastPass one)那样功能齐全,但该软件至少值得一试。
要知道什么:(What
to know:)
- 适用于Windows , Mac , 各种浏览器
- 年价格高于大多数竞争对手
- 在很多方面类似于 LastPass
为什么需要密码管理器
当然,密码管理器很方便,但您可能想知道它们是否真的有必要。答案很简单,响亮的是。这就是为什么。您知道安全密码的最佳做法吗?这是一个广泛的清单,几乎每个人都犯有违反:
- 12-14(或更多字符长度)
- (Mix)大小写字母、数字和符号的混合
- 不包含容易识别的个人信息,如家庭住址或生日(home address or birthday)
- 没有像 p@44w0rd 这样的简单单词或密码
- 每个帐户的唯一密码
- 每六个月更换一次
需要跟踪的内容很多,尤其是在您有几十个帐户的情况下。即使您创建自己的密码,每六个月重新学习一次密码也会很快成为问题。密码管理器(password manager)可以解决您的问题,并完全消除击键记录器(keystroke logger)可能发现您的密码是什么的机会。
击键记录器(keystroke logger)能够检测到的只是密码管理器的主密码——(password manager—and)如果(master password)没有其他相关信息(或者甚至不知道它进入密码管理器(password manager)),那么仅此而已是没有用的。
查看此列表中的选项。还有其他的,比如 Apple 的Keychain 功能(Keychain functionality),但它不够安全,不值得考虑。就普通最终用户的整体安全性和便利性而言,上述四个密码管理器是我们最推荐的。
The Best Password Managers You Should Be Using
Password security has improved in recent уears. Corporations require new passwordѕ on a rotating basis, and you aren’t allowed to get by with just a simple eight-character phrasе. Upрer and lowercase letters, numbers, and symbols have beсome the norm, but even that іsn’t enоugh.
You can’t use the same password for more than one account lest you endanger all of them through a single breach. And each password has to be just as secure as the others. When you think about all these different scenarios, how are you supposed to keep track of it all?
Simple: a password manager. Applications like KeePass, LastPass, and 1Password take the hard work out of password security. All you need is a single, secure password to log in to your password manager account. The software takes care of the rest.
These applications generate nearly-unbreakable passwords for each and every one of your accounts, and since you don’t know what these passwords are—and their actual identity is encrypted—a hacker can’t gain access to your accounts through your password manager.
Sound useful? It is. The key is determining
which of the many options is the right choice for you.
KeePass stands out from a lot of the competition for one distinct reason: it isn’t cloud-based. Many of the strongest advocates for KeePass argue that storing passwords in a cloud, even via a password manager, is asking for trouble.
KeePass takes any risk out of the equation; it’s database is based entirely on your local drive, although you can sync it between devices through the use of services like Dropbox.
KeePass trades on some of the convenience
of other password managers in exchange for total customization and flexibility.
For example, the service is open source. If you compared managers based solely
on the attractiveness of their UI, KeePass would come in dead last. It’s not
pretty to look at, but it gives users more control over their passwords and
security.
KeePass will not hold your hand and walk you through the process, which makes it a bit intimidating to people that are not as skilled with technology. If you like technology and are comfortable working with more complicated systems, however, KeePass is a fantastic choice. In fact, we have a full write-up of it you can read here.
What
to know:
- Works with Windows, Mac, Linux,
iOS, Android, Chrome, and more
- More customization, but less
convenience
- Free
LastPass works like other managers. You
just need a single master password and then it takes care of the rest. Best of
all, once you get the program set up—a process that takes only a few
minutes—you can import all of your saved passwords from your various browsers,
including lesser-known browsers like Opera.
Once you’ve imported these passwords,
LastPass gives instructions on how to delete them from your computer. The
software also provides two-factor authentication, credit monitoring, and other
security features to keep you protected from all angles.
All of the above features are available with the free version of LastPass, but paying for the premium option opens up even more choices. The premium version of LastPass allows you to sync information between your desktop and mobile devices, which extends the functionality across a range of devices.
When you consider this feature on top of the rest of the options, it’s hard to go wrong. The one downside to keep in mind is that LastPass has suffered security breaches in the past, but the company has done a good job in the time since then to improve and eliminate any other vulnerabilities.
What
to know:
- Works with Windows, Mac, Linux,
Chrome
- Free option has a host of functionality,
but premium expands that beyond a single device
- Has had security
vulnerabilities in the past
1Password is more than just a password manager. While it stores your username and password, it also provides a password generator that creates secure login information that is immune to dictionary and brute force attacks.
1Password also has a “watchtower” feature that watches for attacks on popular websites and warns you of any known, ongoing breaches. There’s also a digital wallet that lets users store information, and the developers have offered a bounty to anyone that can break its encryption. If that doesn’t speak to their confidence, I don’t know what will.
1Password isn’t free, but has a low cost of just $2.99 per month. You can save a few dollars by paying the subscription fee annually. While the program used to charge a one-time fee, this monthly price provides access to all of the features for as long as you subscribe.
And don’t worry—even if you cancel your subscription, your data will still be safe. You can sync your saved information between devices through whatever method you choose, but the compny specifically outlines compatibility with Dropbox and iCloud.
What
to know:
- Works with Windows, Mac, iOS,
Android
- Requires a monthly subscription
of $2.99
- Monitoring features keep you
informed of ongoing security threats
Dashlane may be the closest competitor to LastPass in terms of features, but there is one glaring downside that knocks points off its overall rating: the price.
Dashlane runs anywhere from $40 to $60 per year. Although it has a feature-packed free version, the paid version includes the majority of features that make the password manager truly useful like syncing across devices.
Dashlane does provide you with a password
generator, a virtual wallet, and encyrpted auto-fill features. While perhaps
not quite as fully featured as LastPass one a cost-benefit basis, the software
is worth at least checking out.
What
to know:
- Works with Windows, Mac,
various browsers
- Higher yearly price than most
of the competition
- Similar to LastPass in many
ways
Why You Need a Password Manager
Password managers are convenient, sure, but
you may wonder whether they are really necessary. The answer to that is a
simple, resounding yes. Here’s why. Do you know the best practices for safe and
secure passwords? It’s an extensive checklist, and one almost everyone is guilty
of violating:
- 12-14 (or more characters in
length)
- Mix of uppercase and lowercase
letters, numbers, and symbols
- Does not contain easily
identifiable personal information like home address or birthday
- No plain words or passwords
like p@44w0rd
- Unique passwords for each and
every account
- Changed every six months
It’s a lot to keep track of, especially if you have dozens of accounts. Even if you create your own passwords, relearning them every six months will quickly become problematic. A password manager takes the problem out of your hands and completely eliminates the chance that a keystroke logger might find out what your password is.
All a keystroke logger will be able to detect is the master password to your password manager—and without the other correlating information (or even knowing that it goes to a password manager) then that alone is useless.
Check out the options on this list. There
are others out there, like Apple’s Keychain functionality, but it just isn’t
secure enough to be worth consideration. The four password managers above are
the ones we recommend above all others in terms of overall security and
convenience for the average end-user.