English 香港站
職位類型:
  


What Makes A Password Stronger
      作者:Stu Woo     來源: http://cn.wsj.com     發佈時間:7/13/2011 9:00:49 AM     流覽次數:18045
分享到:
For all its benefits, the Internet can be a hassle when it comes to remembering passwords for email, banking, social networking and shopping.

Many people use just a single password across the Web. That's a bad idea, say online-security experts.

'Having the same password for everything is like having the same key for your house, your car, your gym locker, your office,' says Michael Barrett, chief information-security officer for online-payments service PayPal, a unit of eBay Inc.

Mr. Barrett has different passwords for his email and Facebook accounts─and that's just for starters. He has a third password for financial websites he uses, such as for banks and credit cards, and a fourth for major shopping sites such as Amazon.com. He created a fifth password for websites he visits infrequently or doesn't trust, such as blogs and an online store that sells gardening tools.

A spate of recent attacks underscores how hackers are spending more time trying to crack into big databases to obtain passwords, security officials say. In April, for instance, hackers obtained passwords and other information of 77 million users in Sony Corp.'s PlayStation Network, while Google Inc. said this month that hackers broke into its email system and gained passwords of U.S. government officials.

So-called brute force attacks, by which hackers try to guess individual passwords, also appear to be on the rise, Mr. Barrett says.

PayPal says two out of three people use just one or two passwords across all sites, with Web users averaging 25 online accounts. A 2009 survey in the U.K. by security-software company PC Tools found men to be particularly bad offenders, with 47% using just one password, compared with 26% of women.

Another PC Tools survey last year showed that 28% of young Australians from 18 to 38 years old had passwords that were easily guessed, such as a name of a loved one or pet, which criminals can easily find on Facebook or other public sites. Other passwords can be easily guessed, too. Hackers last year posted a list of the most popular passwords of Gawker Media users, including 'password,' '123456,' 'qwerty,' 'letmein' and 'baseball.'

'If your password is on that list, please change it,' says Brandon Sterne, security manager at Mozilla Corp., which makes the Firefox browser and other software. Hackers 'will take the first 100 passwords on the list and go through the entire user base' of a website to crack a few accounts, he says.

People typically start changing online passwords after they've been hacked, says Dave Cole, general manager of PC Tools. However, 'after a relatively short time, all but the most paranoid users regress to previous behaviors prior to the security breach,' he says. He and other security experts recommend people change or rotate passwords a few times a year.

To come up with a strong password, some security officials recommend taking a memorable phrase and using the first letter of each word. For example, 'to be or not to be, that is the question,' becomes 'tbontbtitq.' Others mash an unlikely pair of words together. The longer the password─at least eight characters, experts say─the safer it is.

Once people figure out a phrase for their password, they can make it more complex by replacing letters with special characters or numbers. They can also capitalize, say, the second character of every password for added security. Hence 'tbontbtitq' becomes 'tB0ntbtitq.'

No matter how good a password is, it is unsafe to use just one. Mr. Barrett recommends following his lead and having strong ones for four different kinds of sites─email, social networks, financial institutions and e-commerce sites─and a fifth for infrequently visited or untrustworthy sites.

Even the strongest passwords, however, are useless if criminals install so-called malware on computers that allow them to track a person's keystrokes. Security experts say people can avoid this by keeping their antivirus and antispyware software updated and by avoiding downloading files from unknown websites and email senders.

Some security experts recommend slightly modifying passwords within each category of site. Companies such as Microsoft Corp. offer free password-strength checkers, but users shouldn't rely on them wholly because such strength tests don't gauge whether a password contains easily found personal information, such as a birthday or a pet's name.

It's especially important to have a separate password for an email account, says Mozilla's Mr. Sterne. Many sites have 'Forgot my password' buttons that, when clicked, initiate a password-recovery process by email. Hackers who break into an email account can then intercept those emails and take control of each account registered using that address.

Some websites, such as Google and Facebook, now let people register a phone number along with their account. If a person forgets his passwords, the sites reset the passwords by calling or sending a text message to that person.

Mr. Barrett says people should be able to remember four or five good passwords. If not, they can write them down on a piece of paper and stick it in their wallet, and then throw the cheat sheet away once all the passwords are memorized.

People who still struggle to remember them all can use a password manager. Several, such as LastPass, are free. LastPass prompts users to create a master password and then generates and stores random passwords for different sites. Some security experts warn against using managers that store passwords remotely, but LastPass Chief Executive Joe Siegrist says hackers can't access the passwords because all data is encrypted.

The worst thing that people can do after creating their different passwords: Put it on a sticky note by their monitor. 'That defeats the entire purpose,' says Mr. Sterne.

Heather O'Neill, a 27-year-old tech-company employee in San Francisco, had her Google email account broken into earlier this year. She says she used the same password for several sites, and that it was a weak one.

'I can't have one password for everything,' she says. 'Everything is going to be different.'
網站主頁  |   人才求職  |   企業招聘  |   培訓頻道  |   新聞中心  |   Talk853.com  |   Bid853.com  |   關於我們  |   聯繫我們
鄭重聲明 :本網只提供公司和求職者之間一個網絡交流平臺,不涉及任何公司與求職者之間的勞務關係.
未經澳門人才網同意,不得轉載澳門人才網之所有招聘及相關信息
Copyright© 2005-2024  澳門人才網(www.Job853.com). All rights reserved.    法律顧問:麥興業大律師樓
Powered by 澳門長江網絡有限公司(互聯網服務牌照01/2007)