评论
打印
The average person has 27 unique web logins.
我们平均每个人有27个自己的网络账号。
To create an account on a site, you have to register with a username and password.
要新建一个账号,需要用户名和密码进行注册。
And most people pick passwords that are easy to remember.
而大多数人都会选择简单好记的密码。
Actually, a lot of us end up using the same password for all of our websites, which is understandable, but risky.
事实上,很多人最后都会多个账户共用一个密码,虽然情有可原,但也很危险。
There are many different ways that hackers can get your password.
黑客有很多办法破解你的密码。
They can use programs that try to guess it by randomly cycling through different combinations,
他们可以用程序通过排列组合进行反复的随机尝试,
hacking the website itself, or phishing, by sending fake emails that look like they’re from a website or company, but actually aren’t.
直接黑掉相应的网站、或者进行钓鱼攻击,给用户发送看上去像是由网站或公司发送的虚假邮件。
All of this spells bad news for people that reuse the same password
对那些使用相同密码的人来说,这些做法简直就是他们的噩耗,
because you’re putting yourself at much higher risk for hackers being able to get into your emails, your photos, and even your bank info.
因为你亲手把自己的邮件、照片甚至银行账号的信息暴露给了黑客。
Last year Yahoo made headlines when it was the victim of a massive cyber attack,
去年,雅虎因为遭遇了大规模黑客攻击上了头条,
with sensitive information being stolen from 1 billion accounts.
十亿用户的私密信息被窃。
So if you had a Yahoo account and you used that same password for other sites,
如果你也是雅虎的用户,你的雅虎密码又和其他网站密码相同,
you were now vulnerable to all those other accounts being hacked too.
那你那些账户现在也可能被黑客攻击。
Every time there’s a big hack like this,
每次出现这种大规模黑客攻击,
experts tell us to stop using the same password for every website.
专家就告诫我们不要每个网站都用一个密码。
In fact, they say we should stop memorizing our passwords altogether,
事实上,他们应该告诫我们压根儿就别去记密码,
recommending that we use something called a password manager instead.
转而用所谓的密码管理软件。
I know, I know, it already sounds complicated. But trust me, it’s really not.
我知道我知道,听着是有些复杂。但相信我,其实并不复杂。
And it will help make all of your accounts much more secure.
反而能够帮助我们提高密码的安全性。
We currently think of passwords as things that we memorize and store inside our heads.
现在,密码对我们来说就是要记下来,储存在记忆力的东西。
But since we’re really bad at remembering random things,
然而,因为我们很难记住没有规律的东西,
there’s a limit to how complex your password can be and how many different ones you’ll be able to remember.
密码的复杂程度以及你能记住的密码个数就都有了限度。
As a result, most people have really simple passwords and many use the same one across all their logins.
到头来,大多数人都会使用简单的密码,甚至有很多人是所有的账户都共用一个密码。
This sucks because if a hacker gets access to your one password,
这种做法烂透了,因为一旦黑客攻击了你一个网站的密码,
they then have access to all of your different accounts.
他们就可以获取你所有的账号。
And if your password is uncomplicated, it’s astonishingly easy for hackers to guess it.
如果你的密码又不够复杂,那黑客想猜到你的密码简直是易如反掌。
For instance, if you use a password like, well, password, which is actually the eighth most commonly used one,
举个例子,如果你的密码就是"密码"这个单词本身,事实上它是使用频率第八的密码,
it would take a hacker mere milliseconds to guess it.
黑客只需要几毫秒就能破解。
But if you use a password manager to generate a 15-digit series of random upper and lowercase letters and numbers,
但如果你用密码管理软件生成了一个15位的,包含大小写字母及数字的随机密码,
that time jumps up to 609 million years.
破解的时间就会变成6.09亿年。
The biggest thing we need to do is stop keeping our passwords inside our heads.
所以,最最重要的就是,我们要停止记密码,
Instead, we need to put them somewhere else and lock them up, like a virtual safe.
转而将密码放在别的地方锁起来,比如放在虚拟的保险箱里。
This is what the password manager does.
这正是密码管理软件的作用。
It’s basically an app that keeps all of your passwords secure inside of a safe that only you can unlock.
从本质上讲,密码管理软件就是一个你能安全存放所有密码,而且只有你才能打开的软件。
This way you only need to remember one password.
这样一来,你就只需要记住一个密码。
And once you unlock the safe you can see all of your many different passwords in one place.
打开软件之后,所有的密码都会在一个地方显示出来。
Since it’s an app, you can access your passwords from any device you’ve installed it on.
因为它是一个软件,所以只要是安装了这个软件的设备,你都能打开这个应用。
And since you don’t need to remember all your passwords anymore, you can make them really long and complicated.
因为你再也不用记住所有的密码,你就能把这些密码设置得很长、很复杂。
So what happens if your password manager gets hacked?
如果你的密码管理软件也被黑客攻击了怎么办?
They would have access to all your individual passwords then, right? Not necessarily.
他们应该能获取你所有的个人密码对吗?不一定。
The password manager encrypts your data, so if a hacker looks inside your safe, all they’ll see is scrambled passwords.
密码管理软件对你的数据进行了加密,所以,即便是黑客进入了你的保险箱,他们也只能看到一堆乱码。
LastPass was hacked in 2015 and users had to change their master passwords.
2015年,LastPass就被黑客攻击了,用户被迫修改该软件的登录密码。
But the individual passwords inside were safe because of this encryption.
但因为有了加密,用户储存的个人密码还是安全的。
It may seem like it would be annoying to have to retrieve your password for every single website.
每上一个网站就要输一次密码似乎很烦人。
But, actually, most password managers have browser plugins that automatically fill your info in for you.
但实际上,大多数密码管理软件都和网站进行了关联,能够自动输入你的信息。
So in many cases, it’s actually easier.
所以很多时候,这类软件用起来都是很方便的。
And besides, it’s better than the alternative: becoming one of the millions of Americans that get hacked every year.
更何况,美国每年都有数百万人遭到网络攻击,用密码管理软件总好过成为他们中的一员吧。
