随着互联网的发展,以反击密码破解者和其他黑客,他们也同样努力反击。CAPTCHA的引入为密码窃贼提供了巨大的障碍,但诸如OCR(光学字符识别(character recognition))之类的方法已经帮助克服了它。
现在比以往任何时候都更重要的是拥有最安全的密码。二十年前,常见的建议是永远不要使用字典中的单词作为密码。今天,它比这复杂得多。
在采用替代帐户安全(account security)方法之前,正确的密码礼仪(password etiquette)可以为您节省无数小时的头痛和挫败感。在本文中,让我们讨论可用于创建强安全密码的三种方法。
使用安全密码生成器(Using a Secure Password Generator)
对于许多人来说,创建最安全密码的最佳解决方案实际上是根本不自己创建一个。依靠随机密码生成器(random password generator),无论是通过Random.org之类的网站还是(Random.org)LastPass之类的工具,都可以确保快速创建无限数量的安全密码。
我们建议您使用所有字母、数字和符号创建长度至少为 12 个字符的密码。有些网站会限制您的密码长度(password length)并限制符号的使用,但当您到达它们时,这些可以作为特殊情况处理。不要(Don)仅仅因为一些边缘异常值而限制您的整体安全性。
这是一种可靠的方法,因为它可以保证您的密码非常安全,但它的代价很大:您将如何记住密码?对于许多人来说,这归结为以下两个选项:
- 把它写下来,无论是在文件中还是在纸上
- 将其存储在密码管理器(password manager)中,例如LastPass
然而,两者都有潜在的失败。您可能会丢失纸张,您的计算机文件可能会丢失或被黑客入侵,是什么阻止了您的密码管理器(password manager)遭受破坏?毕竟,它也必须受密码保护。
从好的方面来说,最好的密码管理器提供多种形式的身份验证。例如,使用LastPass,您可以通过帐户密码(account password)和可以随身携带的双重身份验证设备来保护您的帐户。(authentication device)
使用句子或短语(Using Sentences Or Phrases)
每个人对事物的记忆都不一样。有些人的记忆力非常过目,而另一些人只能通过一遍又一遍地重复数百次才能记住某件事。
但是,很容易同意记住一个句子可能比记住一个随机的 16 个字符的字母数字字符串容易。您可以从永远不会忘记的句子或短语中创建强大且安全的密码。
这是一个例子:“我的第一只狗的名字是阿尔伯特。他是一只白色的拉布拉多猎犬。”(My first dog’s name was Albert. He was a white Labrador Retriever.”)
使用这句话中每个单词的第一个字母和每个标点符号(punctuation mark),我们可以创建这个密码:Mfd'nwA.HwawLR。
就像使用生成器或密码管理器(generator or password manager)一样,这也有一个缺点。如果您打算为每个网站使用唯一的密码(应该这样做),那么记住分配给每个网站的句子或短语(sentence or phrase)与记住晦涩难懂的密码一样困难。但是,您也许可以将其拉下来!
使用底座(Using a Base)
使用密码作为基础来生成其他安全密码是您在许多其他网站上找不到讨论的一种方法,但我们相信它是记住无限数量的密码并使用(几乎)每个网站或应用程序(website or app)的唯一密码。
首先想出一个基本密码(base password)。对于这个例子,我们将使用这个:
aNT@qV$tk8kQ
您需要记住基本密码(base password)。为此,您甚至可以创建一个基于我们的句子方法(sentence method)的基础。由于基本密码(base password)永远不会是您使用的完整密码,因此您甚至可以在记住它的过程中将其写在某个地方。
接下来,想出一个简单的公式来根据您使用的网站或应用程序创建一个短字符串。您可以使用的一种方法是考虑域名(domain name)。
例如,Online Tech Tips 的域名(domain name)是 online-tech-tips .com。现在,让我们将域名(domain name)的前两个和后两个字母(不带扩展名(.com))添加到我们的基础中。我们将使用前两个字母作为前缀,后两个字母作为后缀。
我们的密码现在是:onaNT@qV$tk8kQps
由于每个网站都必须有一个域名(domain name),这是一个非常可靠的方法。但是,在使用移动应用程序的情况下,您可能需要修改它。对于这些,您可以在考虑应用程序名称时简单地使用相同的技巧。像这样,您的Discord 应用程序(Discord app)的密码如下所示:DiaNT@qV$tk8kQrd
这种方法的唯一缺点是如果您的多个密码以某种方式泄露给同一个人。如果他们足够精明,他们也许能够弄清楚您是如何生成每个密码的。在那种情况下,他们实际上已经把它们全部偷走了。
如果您不愿意使用密码管理器(password manager)的单一阻塞点,那么创建自己独特、强大且最安全的密码是一项非常有价值的技能。无论(Regardless)您采用哪种方法,坚持下去都非常重要。
当您变得懒惰或自满并开始重复使用密码或使用不够复杂的密码时,您的安全就会受到威胁。
3 Ways To Come Up With the Most Secure Password
As the internet has grown to fight back against password crackers and other hackers, they’ve fоught back just as hard. The introduction of CAPTCHA presented a huge roadblock for password thieves, but methods such as OCR (optical character recognition) have helpеd defeat it.
Now more than ever, having the most secure password is crucial. Two decades ago, common advice would be to simply never use a dictionary word as your password. Today, it’s much more complex than that.
Until the adoption of alternative methods of account security, proper password etiquette can save you countless hours of headaches and frustration. In this article, let’s discuss three methods that you can use to create strong and secure passwords.
Using a Secure Password Generator
For many, the best solution to creating the most secure password is actually to not create one yourself at all. Relying on a random password generator, be it through a site like Random.org or a tool such as LastPass, guarantees a quick way of creating an unlimited number of secure passwords.
We suggest that you create a password at least 12 characters in length, using all of letters, numbers, and symbols. Some sites will limit your password length and restrict the use of symbols, but those can be handled as special cases when you arrive at them. Don’t limit your overall security just because of a few fringe outliers.
This is a solid method because it guarantees that your password will be incredibly secure, but it comes at a major cost: How will you remember the password? For many, it comes down to these two options:
- Writing it down, either in a file or on paper
- Storing it in a password manager such as LastPass
However, both have potential downfalls. You can lose paper and your computer files can be lost or hacked, and what’s stopping your password manager from suffering a breach? After all, it has to be protected by a password, too.
On the upside, the best password managers offer multiple forms of authentication. For example, with LastPass, you can protect your account by both an account password and a two-factor authentication device that you can keep with you physically.
Using Sentences Or Phrases
Everyone remembers things differently. Some people have very photographic memories, while others will only remember something by repeating it over and over, hundreds of times.
However, it’s easy to agree that remembering a sentence is probably easy than remembering a random 16-character alphanumeric string. You can create strong and secure passwords out of sentences or phrases that you’ll never forget.
Here’s an example: “My first dog’s name was Albert. He was a white Labrador Retriever.”
Using the first letter of each word in this sentence, and each punctuation mark, we can create this password: Mfd’nwA.HwawLR.
Like using a generator or password manager, this again comes with a downside. If you intend to use unique passwords for every website, which you should, remembering which sentence or phrase is assigned to each is just as difficult as remembering your obscure passwords. However, you might be able to pull it off!
Using a Base
Using a password as a base to generate other secure passwords is a method that you won’t find discussed on many other sites, but we believe that it’s one of the best and most versatile ways to both remember an infinite number of passwords and use a unique password for (almost) every website or app.
Start by coming up with a base password. For this example, we’ll use this:
aNT@qV$tk8kQ
You will need to memorize the base password. To do so, you can even create a base that’s built off of our sentence method. Since the base password will never be a full password that you use, you can even write it down somewhere while you’re in the process of memorizing it.
Next, come up with a simple formula to create a short string based on the websites or apps you use. One method you could use is considering the domain name.
For example, Online Tech Tips’ domain name is online-tech-tips.com. Now, let’s take the first two and last two letters of the domain name, without the extension (.com), and add it to our base. We’ll use the first two letters as a prefix and the last two letters as a suffix.
Our password is now this: onaNT@qV$tk8kQps
Since every website has to have a domain name, this is a really solid method. However, you may want to modify this in the case of using mobile apps. For these, you can simply use the same trick while considering the app’s name. Like this, the password for your Discord app would be as follows: DiaNT@qV$tk8kQrd
The only drawback of this method is in the event that several of your passwords are somehow leaked to the same person. If they’re savvy enough, they may be able to figure out how you’re generating each password. In that case, they’ve effectively stolen them all.
If you’re not willing to use the single choke-point of a password manager, creating your own unique, strong, and most secure passwords is an extremely valuable skill. Regardless of your approach, sticking with it is very important.
The moment you become lazy or complacent and begin reusing passwords or making use of passwords that aren’t complex enough, your security is at risk.