s2011web login passwords
Are you still using “password” to protect access to your vital administration systems? Of course not but, according to software security company SplashData, it’s still at #1 in the dumb password chart. Here’s the “top” 25 compiled from lists of stolen passwords posted online:
- password
- 123456
- 12345678
- qwerty
- abc123
- monkey
- 1234567
- letmein
- trustno1
- dragon
- baseball
- 111111
- iloveyou
- master
- sunshine
- ashley
- bailey
- passw0rd
- shadow
- 123123
- 654321
- superman
- qazwsx
- michael
- football
If your password’s on this list, perhaps it’s time to reconsider your security.
But, before we start sneering at user stupidity, are we partly to blame? Nearly every web application we create requires a password and they contribute to the problem. Despite the rise of OAuth and similar solutions, even infrequent web users probably require a dozen passwords for different sites. It doesn’t matter how much advice or education we give: people will always choose the easy option and select a simple password they can remember.
Overly-Complex Password Policies
Some systems attempt to solve the bad password problem by implementing certain lengths, requiring at least one number and making users change their password every few days. The worst examples limit the number of characters and don’t permit unusual characters such as punctuation. Effectively, they’re handing hackers a password “template” … and they rarely prevent people choosing “password01”, “password02”, etc.
Passive Security Education
With the possible exception of minimum-length passwords for financial and government services, users should generally be permitted to enter what they like. Good systems will encrypt passwords so there’s no reason to limit the string length or the characters which can be entered.
Red-amber-green indicators for weak passwords are generally good, although they’re fairly abstract and I’ve seen many users ignore the warning. Perhaps a more informative alternative could highlight the consequences of a poor password, e.g.
A hacker could access your account in 3 seconds.
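One way to produce that kind of consequence message, as an added example that is not code from the original article: it checks the 25 passwords listed above (including the "password01" pattern) and otherwise reports a worst-case exhaustive-search time, with no length cap or character restrictions. The function names and the guessing rate of 10^10 per second are assumptions chosen for illustration.

```javascript
// Top-25 list quoted in this article; a real deployment would load a far larger list.
const COMMON = new Set(["password", "123456", "12345678", "qwerty", "abc123", "monkey",
  "1234567", "letmein", "trustno1", "dragon", "baseball", "111111", "iloveyou", "master",
  "sunshine", "ashley", "bailey", "passw0rd", "shadow", "123123", "654321", "superman",
  "qazwsx", "michael", "football"]);
const GUESSES_PER_SECOND = 1e10; // assumed offline guessing rate, not a measured figure

// Listed word, or listed word plus trailing digits ("password01", "password02").
function isCommon(pw) {
  const lower = pw.toLowerCase();
  return COMMON.has(lower) || COMMON.has(lower.replace(/\d+$/, ""));
}

// Character pool the password draws from; nothing is rejected, punctuation included.
function poolSize(pw) {
  let size = 0;
  if (/[a-z]/.test(pw)) size += 26;
  if (/[A-Z]/.test(pw)) size += 26;
  if (/[0-9]/.test(pw)) size += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) size += 33; // ASCII punctuation and space
  return size;
}

// Worst-case exhaustive-search time in seconds; listed passwords are tried first, so 0.
function secondsToCrack(pw, rate = GUESSES_PER_SECOND) {
  if (pw.length === 0 || isCommon(pw)) return 0;
  return Math.pow(poolSize(pw), [...pw].length) / rate; // [...pw] counts code points
}

function humanize(seconds) {
  if (seconds < 1) return "under a second";
  const units = [["year", 31536000], ["day", 86400], ["hour", 3600], ["minute", 60], ["second", 1]];
  const [name, size] = units.find(([, s]) => seconds >= s);
  const n = Math.floor(seconds / size);
  if (n > 1e6) return "over a million years";
  return `${n} ${name}${n === 1 ? "" : "s"}`;
}

// No length cap and no composition rules: only the consequence is reported.
function passwordFeedback(pw) {
  if (isCommon(pw)) {
    return "This is one of the most commonly stolen passwords. A hacker could access your account in under a second.";
  }
  return `A hacker could access your account in ${humanize(secondsToCrack(pw))}.`;
}
```

The exhaustive-search figure overstates the strength of passwords built from dictionary words, so treat it as a ceiling rather than a prediction.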
Unfortunately, passwords remain our best option for web security. Unless someone knows of a better fool-proof alternative?
Translated from: https://www.sitepoint.com/worst-passwords-2011/