Computer passwords need to be memorable and secure. Most people's are the first but not the second. Researchers are trying to make it easier for them to be both.
A. Passwords are widely used in computer security. All too often, they are also ineffective. A good password has to be both easy to remember and hard to guess, but in practice people seem to choose the former over the latter. Names of wives, husbands and children are popular. Some take simplicity to extremes: one of my friends used "z" for many years. And when hackers stole 32m passwords from a social-gaming website called RockYou, it emerged that 1.1% of the site's users—365,000 people—had chosen either "123456" or "12345".
B. That predictability lets security researchers create dictionaries which list common passwords, good news to those seeking to break in. But although researchers know that passwords are insecure, working out just how insecure has been difficult. Many studies have only small samples to work on—a few thousand passwords at most. Hacked websites such as RockYou have provided longer lists, but there are ethical problems with using hacked information, and its availability is unpredictable.
C. However, a paper to be presented at a security conference held with the support of the Institute of Electrical and Electronics Engineers, a New York-based professional body, in May 2012, sheds some light. With the cooperation of Yahoo!, a large Internet company, Joseph Bonneau of Cambridge University obtained the biggest sample to date—70m passwords that, though anonymised (with names removed), came with useful demographic data about their owners. Mr. Bonneau found some interesting variations. Older users had better passwords than young ones. People whose preferred language was Korean or German chose the most secure passwords; those who spoke Indonesian the least. Passwords designed to hide sensitive information such as credit-card numbers were only slightly more secure than those protecting less important things, like access to games. "Nag screens" that told users they had chosen a weak password made virtually no difference. And users whose accounts had been hacked in the past did not make dramatically more secure choices than those who had never been hacked.
D. But it is the broader analysis of the sample that is of most interest to security researchers. For, despite their differences, the 70m users were still predictable enough that a generic password dictionary was effective against both the entire sample and any demographically organised slice of it. Mr. Bonneau is blunt: "An attacker who can manage ten guesses per account...will compromise around 1% of accounts." And that, from the hacker's point of view, is a worthwhile outcome.
E. One obvious answer would be for sites to limit the number of guesses that can be made before access is blocked, as cash machines do. Yet whereas the biggest sites, such as Google and Microsoft, do take such measures, many do not. A sample of 150 big websites examined in 2010 by Mr. Bonneau and his colleague
Fill in the blank
Mr. Bonneau found that the passwords used by older users were more secure than the ones used by young users.
Fill in the blank
Amazon once tried to allow its American users to use passphrases but it didn't work out well.
Fill in the blank
A password which is easy for the user to remember and hard for other people to guess can be called a good password.
Fill in the blank
Many newly-established sites do not want to spend much time on password security.
Fill in the blank
A mnemonic password seems like nonsense but it is not too hard to remember.
Fill in the blank
It has been quite hard for researchers to figure out how insecure the passwords are.
Fill in the blank
Structures common in ordinary English and the phrases chosen by Amazon's users have a lot in common.
Fill in the blank
Sites can make the accounts more secure by limiting the number of guesses before access is blocked.
Fill in the blank
As long as people want things to be simple while being safe, hackers will always be able to find a way to break in.
Fill in the blank
Users who had been hacked before did not pay much more attention to account security than those who hadn't.