【英语语言学习】懒于管理密码 试试这些小技巧吧

搜索关注在线英语听力室公众号：tingroom，领取免费英语资料大礼包。

This is FRESH AIR. I'm Terry Gross. One of the downsides of all the conveniences of online shopping and banking¹, as well as social media and email is coming up with all of those darned passwords, and worse yet having to remember them. Many people use the same password for different sites, or store their multiple passwords right on their computers, leaving themselves vulnerable to hackers². Our technology correspondent, Alexis Madrigal³, suggests a reasonable course for protecting ourselves online without too much effort.

ALEXIS MADRIGAL, BYLINE⁴: It's time I admitted something. Though I've written about the Internet for years my online security practices are not good. Despite constant warnings from knowledgeable⁵ friends, I persist in doing all the things with my passwords that you're not supposed to. I don't make them complicated enough, I reuse the same ones over and over. I don't change them very often and I keep a list of important ones in a file on my computer. Frankly⁶, it's shameful⁷.

This fall, though, I decided⁸ it was time to get serious. I made a resolution - I would come up with a system for dealing⁹ with my passwords. First, I had to figure out what I wanted to protect and email sits atop that list because if you have access to my inbox, you can probably gain access to everything else. The best way to secure an account, like Google's Gmail, is to turn on two-step verification. Basically you link your phone with your account and then when you login from a new computer, Google text messages a random¹⁰ six digit¹¹ code to your phone that you have to enter along with your actual password. This means that even if your password fell into the wrong hands, without your phone, would-be attackers would be thwarted¹².

Apple's data syncing service iCloud offers the same protection, as do prominent social media services like Twitter and Facebook. So I enabled two-step verification in those places too. My particular bank doesn't offer two-step - shame on them - but many do, and the waiting for the text message and then entering the code is a minor¹³ hassle. It's worth the peace of mind. But that's only the very top security tier. Some sites are important, but not that important. And you might not want to introduce that level of friction¹⁴ into using them. For this trench¹⁵, I decided to generate really lengthy¹⁶ passwords using a specialized¹⁷ piece of software called, logically, a password manager.

Three I've heard and read great things about are 1Password, Dashlane and LastPass. I chose to use 1Password because it's been around since 2006 and longevity¹⁸ seems like a good thing in the security industry. The key to a password manager is this - if you don't have to remember all the dozens of passwords yourself, then you can use really, really tough ones for each site you visit and it'll remember them all for you. The whole program is controlled by a master code, which they encourage you to make the length of a sentence and essentially¹⁹ uncrackable. Basically, you make a deal with yourself - remember one really, really long tough password in exchange for the software remembering the rest.

Now, I'm not going to make the picture rosier²⁰ than it is. 1password is not the easiest software to use. You have to install the desktop²¹ program, then the browser²² extension and most likely an app on your phone. Then for every site you visit, you need to have it store that credential. Even more annoyingly, if you currently have weak passwords, you need to change those to something very difficult to guess. Then store that login in the software. Doing this over and over is quick but a hassle. For my 15-key sites, it took 22 minutes of concerted effort to complete. For other semi-important sites, I'm just dealing with them as I go.

I add a couple a day at most, so slowly my security hygiene²³ is improving. But you know in some diets there are cheat days? I have cheat passwords. For sites that truly don't matter, where login is merely a formality, I have used and will continue to use the exact same easy-to- remember password. If someone hacks²⁴ these accounts, nothing really bad can happen. I'd like to say that if you take all these steps you'll be forever safe from malicious²⁵ forces, but that's not true.

In an effort to make customer service easier, many companies allow the security questions like where did you go to high school? - To stand in for your password itself. With our ever more Google-able identities and underground malicious services that traffic in Social Security numbers and other personal information, bad actors will continue to use this loophole to compromise accounts. But none of this actually sends me running from the web. All I really want is peace of mind that I did what was reasonable.

My attitude online is the same one I have off-line. Consider that we hand our credit cards to strangers every day and our private mail sits in our mailboxes untended. Theoretically we could take crazy precautions to prevent problems, but the odds²⁶ are nothing horrible will happen, and people make that trade-off. Perhaps one day a fingerprint²⁷ or Iris²⁸ or facial scanner will completely replace all the numbers and letters that unlock our digital lives. But until then, a couple hours will go a long way towards making your data secure from criminals. Simple precautions will fend²⁹ off the dumbest of them and nothing will stop the smartest.

GROSS: Alexis Madrigal is a visiting scholar at Berkeley's Center for Science, Technology, Medicine and Society and is the Silicon³⁰ Valley bureau chief for the Fusion³¹ cable and digital network.

分享到：