行業(yè)英語 學英語,練聽力,上聽力課堂! 注冊 登錄
> 行業(yè)英語 > 金融英語 > 金融時報原文閱讀 >  第256篇

你的密碼有多脆弱?

所屬教程:金融時報原文閱讀

瀏覽:

2020年06月22日

手機版
掃描二維碼方便學習和分享

你的密碼有多脆弱?

很多人不僅會重復(fù)使用密碼,而且經(jīng)常選擇自己的寵物加數(shù)字、或是連著的鍵盤字母作為密碼——對我們的密碼設(shè)置習慣,黑客可比我們自己要了解地更多。

測試中可能遇到的詞匯和知識:

memorable顯著的,難忘的['mem(?)r?b(?)l]

leaked漏的[li:kt]

crummy微不足道的;寒酸的['kr?m?]

adultery通奸行為;外遇[?'d?lt(?)r?]

capitalisation市值(等于capitalization);資本化[,k?p?t?l?'ze??n]

Your passwords are a lot more vulnerable than you think( 659 words)

By Lisa Pollack

The puppy’s name can be whatever you want,the father in the Bizarro comic tells his son,“but make sure it is something memorable. You’ll be using it as a security question answer for the rest of your life.”

Unfortunately the name given to the dog — say,Poppy — may or may not have been encrypted when it was leaked among details of 500m Yahoo accounts,which included the answers to security questions about first pets. The dog’s name was probably also used as a password at some point as people often use pets’names — maybe with a couple of numbers at the end.

“Poppy95”is not a secure password but it is fairly typical and it illustrates an uncomfortable fact: our crummy password construction is predictable. And with large breaches of popular websites,hackers are getting to know us better than ever.

People often pick animals(“monkey”),keyboard patterns(“zxcvbn”),dad jokes(“l(fā)etmein”),sports teams(“l(fā)iverpool”) and angst(“whatever”). All proved popular with users of the adultery site,Ashley Madison,hacked last year. In case you are thinking only adulterers use weak passwords,many of these also showed up in a leak from the Last.fm music service which surfaced more recently.

Both breaches — estimated at about 30m-40m each — are dwarfed by the 164m LinkedIn and 360m MySpace accounts that appeared in May.

Passwords are valuable to hackers in a couple of indirect ways. First,most people — about 60 per cent by some estimates — reuse passwords. This means the login details from one site can be tried out on more valuable sites — financial accounts,for example,or people’s work. And,combined with details such as previous addresses obtained from a retailer and a date of birth from the Yahoo hack or Facebook,they may be used to obtain credit fraudulently.

Second,the data sets can be added to“dictionaries”comprising actual dictionaries,tens of thousands of books and all of Wikipedia,which can be used to crack passwords.

If you are thinking:“I may use the same base password but I change it a bit for different websites”,well,I have a research paper for you. A group from the University of Illinois at Urbana-Champaign and elsewhere looked at the often simplistic changes people make. Using passwords for the same users from different leaks,they were able to guess almost a third of the transformed passwords within 100 or fewer attempts. Popular changes involved two to three appended characters. Keyboard sequence changes,capitalisation changes and“l(fā)eet speak” — changing s to $,say — were also common.

Unfortunately,password strength meters aren’t much help as they underestimate hackers’understanding of users’habits.

In an ideal world,website owners would strengthen their own security to protect users. But if their customers use weak passwords — or reuse strong ones on other,less secure sites — there’s only so much they can do.

There is some encouragement to be had,though. University researchers from Pennsylvania tested whether people could correctly identify the more secure password among pairs,where“security”is“guessability”using cracking tools. Participants did reasonably well — identifying the benefits of capitals,digits and symbols in the middle of a password,and avoiding names.

However,they also overestimated the usefulness of appending digits,incorrectly selecting“astley123”as more secure than“astleyabc”. The former is easier to crack because of the pervasiveness of the pattern of appending digits — hence the problem with the variant of Poppy’s name.

Participants also“underestimated the poor security properties of building a password around common keyboard patterns and common phrases”. They wrongly believed that“iloveyou88”is stronger than“ieatkale88”(which frankly seems like an excellent name for a dog).

The researchers concluded that such misunderstandings,and poor password choices generally,stem from an underestimation of the risk of potential attacks and a lack of knowledge about how dangerously common certain construction techniques are. Which is not surprising,they note,as we don’t often see one another’s passwords. Unfortunately,hackers do.

1.Why the son should remember the puppy’s name in the Bizarro comic?

A. the dog is with us our entire life

B. it should be taken seriously

C. it may be a security question answer

D. the name will be the password

答案(1)

2.What is the password“Poppy95”illustrating with?

A. crummy password construction is predictable

B. stolen password is fairly typical

C. crummy password is unsafe

D. people often use pets’names

答案(2)

3.How many percent of people are used to reuse passwords?

A. 30%

B. 40%

C. 60%

D. 80%

答案(3)

4.Which one of the following is not right about password?

A. “iloveyou88”is not stronger than“ieatkale88”

B. using names is more secure

C. “astley123”is easier to crack than“astleyabc”

D. customers are best not to use weak passwords

答案(4)

(1) 答案:C.it may be a security question answer

解釋:“這只小狗的名字你可以隨便取,”漫畫Bizarro中的父親告訴兒子,“但要確保能記住。因為你一輩子都要把它作為安全問題的答案?!?

(2) 答案:A.crummy password construction is predictable

解釋:“Poppy95”并非一個安全的密碼,但它相當普遍,而且說明了一個令人不安的事實:我們隨隨便便的密碼結(jié)構(gòu)是可以預(yù)測的。

(3) 答案:C.60%

解釋:大概60%的人會重復(fù)使用密碼。這意味著,一個網(wǎng)站的登錄細節(jié)可能會在更有價值的網(wǎng)站上使用:例如金融賬戶或人們的工作。結(jié)合從零售商獲取的以前的地址以及從雅虎或Facebook獲取的生日日期,這些密碼可能會被用來騙貸。

(4) 答案:B.using names is more secure

解釋:密碼要避免使用名字但后綴數(shù)字的用處也被高估,因為后綴數(shù)字模式很普遍,同時常見的鍵盤模式和常見短語設(shè)置密碼安全性也很差。

用戶搜索

瘋狂英語 英語語法 新概念英語 走遍美國 四級聽力 英語音標 英語入門 發(fā)音 美語 四級 新東方 七年級 賴世雄 zero是什么意思邯鄲市光明書香苑英語學習交流群

網(wǎng)站推薦

英語翻譯英語應(yīng)急口語8000句聽歌學英語英語學習方法

  • 頻道推薦
  • |
  • 全站推薦
  • 推薦下載
  • 網(wǎng)站推薦