寄托天下
Original poster: AdelineShen

[Themed activity] [REBORN FROM THE ASHES][comment][12.26]

Posted on 2009-12-26 22:58:31
This post was last edited by prettywraith on 2009-12-27 22:46

Comments (2009-12-26):

Focusing on the passwords aplenty besieging a vast majority of people, this is a wonderful passage, without many obscure professional words. I almost never came across difficult sentences or content while I was reading it. And the article is also very useful for me, because passwords aplenty always make me exhausted in work and life.

As a software engineer, I usually run into password problems in my life, though I do not take care of information security or network security. A lot of regulations tell us how to create passwords, how to keep them and how to change them frequently, because those passwords are related to personal authorities for entering different platforms in the corporation. That is a tough thing for us. The biggest headache is that we must change all our passwords every three months. In my life outside work, passwords also usually disturb me when I am enjoying the happiness of surfing websites. There are too many passwords to remember them clearly.

Therefore, it is very necessary that we use password manager software. I cannot imagine how I would deal with those passwords without the manager software. The author also suggests that we use some software tools to simplify our work on passwords and keep our passwords safe. In sum, following the author’s advice, let us take action to use our passwords scientifically.

Good sentences:

Indeed, the majority of online users have an understandable aversion to strong, but hard-to-remember, passwords.

Unfortunately, the easier a password is to remember, the easier it is for thieves to guess. Ironically, the opposite—the harder it is to remember, the harder it is to crack—is often far from true.

Apart from stealing passwords from Post-it notes and the like, intruders basically use one of two hacks to gain access to other people’s computers or networks.

A more popular, though less effective, way is to use commercial software tools such as “L0phtCrack” or “John the Ripper” that can be found on the internet.

Posted on 2009-12-26 23:44:05
This post was last edited by hugesea on 2009-12-26 23:46

Comments


Two months ago, my MSN account was hacked into. The hackers changed my password and blocked my access to the account. Luckily, I discovered this early and got MSN to change my password via my secondary email account. It is true that we internet users are leaving ourselves open to security risks by adopting weak passwords. Creating strong passwords for all our online accounts is not a thing we should do. It is a thing you must do.

What makes a strong password? In a nutshell, a strong password must constitute the following:
It must be at least 8 characters long.
It needs to contain special characters such as @#$%^&
A variation of capitalization and small letters.


In my opinion, even if your password consists of the above, it is still not enough. Your password needs to be totally unique and different for each and every one of your online accounts. This is to make sure that in the event that one account is hacked into, your other accounts will not be affected.

Thus, generating and using a strong password is only your first line of defense against hackers. The most important thing that you should take note of is your internet browsing habits. When you are using a public terminal, make sure that it has the proper firewall and anti-virus installed, make sure your network is secure, log out when you are done with your session and clear the cache once you are done.

Posted on 2009-12-27 00:38:40
The form of this essay is very interesting. Its opening story attracted me and even made me think about myself in terms of password settings. To be honest, I have tried to use a different password for every different logon and disdained to write it even on a Post-it note, but it seems to bring me a lot of trouble, because I have a poor memory, and the result each time a password is forgotten or mixed up is applying for a new logon. So from then on, I think it is better for me to set the same password for all the logons apart from some important registrations.

Another view I want to point out is that so many native words and phrases have been used in it, with which this report becomes vivid and readable.

Posted on 2009-12-27 00:54:21
COMMENT


This passage is mainly about introducing several methods of improving the security of passwords. In order to protect our private information, passwords should take into account three factors: length, complexity and randomness. I had never known how resourceful the intruders are; meanwhile, I have learned some interesting ways to set the encryption rigorously, such as using a mnemonic constructed from the first letters.
Science and technology are a double-edged sword: they continue to bring us new problems while creating solutions to them.


The important role this article plays is that it brings some reflection for us, as we should consider using high technology appropriately. Have you opened an online banking service? Do you give your mobile phone number undefendedly to random agencies once they ask for it? We should reconsider whether the way we behave is safe or not. It is possible that the old way the passage mentioned, such as recording passwords in a notebook, is a good way in some situations. Whatever, the passage supports some useful ways to create a secure password.

Good words and sentences:
That takes a lot of patience and computing power, and tends to be the sort of thing only intelligence agencies indulge in.


Choose passwords that are strong enough to make cracking them too time consuming for thieves to bother.


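keep abreast of: to stay level with ...
heaven forbid: let us hope it does not come to that
scraps of paper: slips of note paper
interspersed with: dotted with ...

as a matter of course: naturally, needless to say, as a rule.

Having made the choice, there is no way back; keep going with determination!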

Posted on 2009-12-27 01:31:07
This post was last edited by qxn_1987 on 2009-12-27 01:32


How to stay sane (sound of mind) as well as safe while surfing the web
AT THIS time of the year, your correspondent crosses the Pacific to Japan for a month or so. He repeats the trip during the summer. He considers it crucial in order to keep abreast of (stay level with) all the ingenious technology which, once debugged by the world’s most acquisitive consumers, will wind up in American and European shops a year or two later.

He admits to flouting the advice of security experts: his failings include using essentially the same logon and password for many similar sites, relying on easily remembered words—and, heaven forbid, writing them down on scraps of paper. So his new year’s resolution is to set up a proper software vault for the various passwords and ditch the dog-eared list.

Your correspondent’s one consolation is that he is not alone in using easily crackable words for most of his passwords. Indeed, the majority of online users have an understandable aversion to strong, but hard-to-remember, passwords. The most popular passwords in Britain are “123” followed by “password”. At least people in America have learned to combine letters and numbers. Their most popular ones are “password1” followed by “abc123”.

Unfortunately, the easier a password is to remember, the easier it is for thieves to guess. Ironically, the opposite—the harder it is to remember, the harder it is to crack—is often far from true. (sentence pattern) That is because, not being able to remember long, jumbled (confused, messy) sets of alphanumeric characters (characters made up of letters and digits) interspersed with (dotted with) symbols, people resort to (adopt, have recourse to) writing them down on Post-it notes left lying around the office or home for all and sundry (everyone) to see.

Apart from stealing passwords from Post-it notes and the like, intruders basically use one of two hacks to gain access to other people’s computers or networks. If time and money is no problem, they can use brute-force (powerful force) methods that simply try every combination of letters, numbers and symbols until a match is found. That takes a lot of patience and computing power, and tends to be the sort of thing only intelligence agencies indulge in.

The third component, randomness, is measured by a concept borrowed from thermodynamics (the science of heat)—the notion of entropy (average information content; entropy) (the tendency for things to become disordered). In information theory, a tossed coin has an entropy of one “bit” (binary digit). That is because it can come down randomly in one of two equally possible binary states.

Once installed and given a strong password of its own, plus an e-mail address, LastPass encrypts (enciphers; turns into code) all the logons and passwords stored on your computer.


Comments:

Obviously, the development of high technology has improved our quality of life dramatically; our lives have become more convenient and more comfortable. Nonetheless, in the meantime, there are some potential problems with the advent of high technology, such as the problems of keeping privacy, or safety.

It would be nettlesome if you were attacked by hackers that gain access to your computers and networks deliberately. Therefore, we need to take some defensive measures to avoid being attacked by hackers. And passwords may promise so to some extent.

Posted on 2009-12-27 01:42:58
Passwords aplenty
Dec 18th 2009 | LOS ANGELES
From Economist.com
New words
Sentences I only understood after several readings
Good sentences, good expressions
-------------------------------------------------------------------
How to stay sane as well as safe while surfing the web
AT THIS time of the year, your correspondent crosses the Pacific to Japan for a month or so. He repeats the trip during the summer. He considers it crucial in order to keep abreast of all the ingenious technology which, once debugged by the world’s most acquisitive consumers, will wind up in American and European shops a year or two later.

Each time he packs his bags, though, he is embarrassed by having to include a dog-eared set of notes that really ought to be locked up in a safe. This is his list of logons and passwords for all the websites he uses for doing business and staying in touch with the rest of the world. At the last count, the inch-thick list accumulated over the past decade or so—your correspondent’s sole copy—includes access details for no fewer than 174 online services and computer networks.



He admits to flouting the advice of security experts: his failings include using essentially the same logon and password for many similar sites, relying on easily remembered words—and, heaven forbid, writing them down on scraps of paper. So his new year’s resolution is to set up a proper software vault for the various passwords and ditch the dog-eared list.

Your correspondent’s one consolation is that he is not alone in using easily crackable words for most of his passwords. Indeed, the majority of online users have an understandable aversion to strong, but hard-to-remember, passwords. The most popular passwords in Britain are “123” followed by “password”. At least people in America have learned to combine letters and numbers. Their most popular ones are “password1” followed by “abc123”.

Unfortunately, the easier a password is to remember, the easier it is for thieves to guess. Ironically, the opposite—the harder it is to remember, the harder it is to crack—is often far from true. That is because, not being able to remember long, jumbled sets of alphanumeric characters interspersed with symbols, people resort to writing them down on Post-it notes left lying around the office or home for all and sundry to see.

Apart from stealing passwords from Post-it notes and the like, intruders basically use one of two hacks to gain access to other people’s computers or networks. If time and money is no problem, they can use brute-force methods that simply try every combination of letters, numbers and symbols until a match is found. That takes a lot of patience and computing power, and tends to be the sort of thing only intelligence agencies indulge in.

A more popular, though less effective, way is to use commercial software tools such as “L0phtCrack” or “John the Ripper” that can be found on the internet. These use dictionaries, lists of popular passwords and rainbow tables (lookup tools that turn long numbers computed from alphanumeric characters back into their original plain text) to recover passwords.

According to Bruce Schneier, an independent security expert, today’s password crackers “can test tens—even hundreds—of millions of passwords per second.” In short, the vast majority of passwords used in the real world can be guessed in minutes. And do not think you are being smart by replacing the letters “l” or “i” in a password with the number “1”; or the letter “s” with the number “5” or the symbol “$”. Cracking programs check all such alternatives, and more, as a matter of course.

What should you do to protect yourself? Choose passwords that are strong enough to make cracking them too time consuming for thieves to bother.

The strength of a password depends on its length, complexity and randomness. A good length is at least eight symbols. The complexity depends on the character set. Using numbers alone limits the choice to just ten symbols. Add upper- and lower-case letters and the complexity rises to 62. Use all the symbols on a standard ASCII keyboard and you have 95 to choose from.

The third component, randomness, is measured by a concept borrowed from thermodynamics—the notion of entropy (the tendency for things to become disordered). In information theory, a tossed coin has an entropy of one “bit” (binary digit). That is because it can come down randomly in one of two equally possible binary states.

At the other extreme, when you set the encryption of a Wi-Fi link, you are usually given the choice of 64-bit or even 128-bit security. Those bit-numbers represent the entropy (or randomness) of the encryption used. A password with 64 bits of entropy is as strong as a string of data comprising 64 randomly selected binary digits. Put another way, a 64-bit password would require 2 raised to the power of 64 attempts to crack it by brute force—in short, 18 billion billion attempts. A 64-bit password was finally cracked in 2002 using brute-force methods. It took a network of volunteers nearly five years to do so.

The National Institute of Standards and Technology, the American government’s standards-measuring laboratory in Gaithersburg, Maryland, recommends 80-bit passwords for state secrets and the like. Such security can be achieved using passwords with 12 symbols, drawn from the full set of 95 symbols on the standard American keyboard. For ordinary purposes, that would seem overkill. A 52-bit password based on eight symbols selected from the standard keyboard is generally adequate (a way of saying "just passable, barely satisfactory").

How to select the eight? Best to let a computer program generate them randomly for you. Unfortunately, the result will be something like 6sDt%k&3 that probably needs to be written down. One answer, only slightly less rigorous, is to use a mnemonic constructed from the first letters (plus contractions) of an easily remembered phrase like “Murder Considered as One of the Fine Arts” (MCa1otFA) or “To be or not to be: that is the question” (2Bo-2b:?).

Given a robust 52-bit password, you can then use a password manager to take care of the dozens of easily guessable ones used to access various web services. There are a number of perfectly adequate products for doing this. In an early attempt to fulfil his new year’s pledge, your correspondent has been experimenting with LastPass, a free password manager that works as an add-on to the Firefox web browser for Windows, Linux or Macintosh. Versions also exist for Internet Explorer on Windows and Safari on the Mac.

Once installed and given a strong password of its own, plus an e-mail address, LastPass encrypts all the logons and passwords stored on your computer. So, be warned: forget your master password and you could be in trouble—especially if you have let the program delete (as it urges you to let it do) all the vulnerable logons and passwords on your own computer.

Thereafter, to visit various web services, all you have to do is log into LastPass and click the website you wish to check out. The tool then automatically logs you on securely to the selected site. It will even complete all the forms needed to buy goods online if you have stored your home address, telephone number and credit-card details in the vault as well.

Your correspondent looks forward to using the service while travelling around Japan over the next month or so. To be on the safe side, however, his dog-eared list of passwords will still go with him.
------------------------------------------------------
sane  proceeding from a sound mind  : RATIONAL
dog-eared  worn from being leafed through
flout  contemptuous disregard  : SCORN  *flouting the rules*
interspersed to insert at intervals among other things  *interspersing drawings throughout the text*
brute-force NOT SURE coercive force
c ENCODE
binary digits  base-2 numbers
overkill an excess of something (as a quantity or an action) beyond what is required or suitable for a particular purpose  *publicity overkill*  *an overkill in weaponry* of enormous destructive power
mnemonic   assisting or intended to assist memory;  also   : of or relating to mnemonics
and the like  not sure how this should be read in the sentence?
-------------------------------------------------------
Comments
The article provides some knowledge on setting passwords. Usually, people are likely to set passwords that are easy to remember. However, according to the writer, the easier the password is to remember the easier it is to crack. In this case, what we need to do to create a strong password is to set an 80-bit password, suggested in the article, which can be achieved by lining up 12 symbols chosen from all the 95 symbols of the standard American keyboard.
I am prone to believe what the article claims. But using a program to manage all my hard-to-remember passwords is really not my way of dealing with encoding. I prefer to create three different passwords for all the encoding, so that I will not forget which password fits which blank. Additionally, in order to make them hard to crack, I use symbols that represent some specific interest of mine and make them as long as 16 symbols. However, according to the writer, this way of creating passwords is lacking in randomness, which is what I am thinking about right now to strengthen all my passwords.

Posted on 2009-12-27 11:46:56
This post was last edited by 都说了不是又八 on 2009-12-27 11:50

7th article

Comment

Well… I have to admit I was fond of this, hacking the logons and passwords and creating chicken on the website. Rudimentary I was, though.


After attempts and attempts I cut the most effective way: cheating the logons and passwords out of the victim’s mouth. Sounds really attracting, for a plank now and then does make life more interesting. Don’t you think?


However, to be caught or not, that’s the question. The most difficult password to solve is not the password itself. It’s the desire to know, to manipulate, to use, to invade every possible corner of this vast world. Desire, is something that we could not easily shrug off.


Tech. view
Passwords aplenty


How to stay sane as well as safe while surfing the web


At this time of the year, your correspondent crosses the Pacific to Japan for a month or so. He repeats the trip during the summer. He considers it crucial in order to keep abreast of all the ingenious technology which, once debugged by the world’s most acquisitive consumers, will wind up in American and European shops a year or two later.


Each time he packs his bags, though, he is embarrassed by having to include a dog-eared set of notes that really ought to be locked up in a safe. This is his list of logons and passwords for all the websites he uses for doing business and staying in touch with the rest of the world. At the last count, the inch-thick list accumulated over the past decade or so – your correspondent’s sole copy – includes access details for no fewer than 174 online services and computer networks.


He admits to flouting the advice of security experts: his failings include using essentially the same logon and password for many similar sites, relying on easily remembered words – and, heaven forbid, writing them down on scraps of paper. So his new year’s resolution is to set up a proper software vault for the various passwords and ditch the dog-eared list.


Your correspondent’s one consolation is that he is not alone in using easily crackable words for most of his passwords. Indeed, the majority of online users have an understandable aversion to strong, but hard-to-remember, passwords. The most popular passwords in Britain are “123” followed by “password”. At least people in America have learned to combine letters and numbers. Their most popular ones are “password1” followed by “abc123”.


Unfortunately, the easier a password is to remember, the easier it is for thieves to guess. Ironically, the opposite – the harder it is to remember, the harder it is to crack – is often far from true. That is because, not being able to remember long, jumbled sets of alphanumeric characters interspersed with symbols, people resort to writing them down on Post-it notes left lying around the office or home for all and sundry to see.


Apart from stealing passwords from Post-it notes and the like, intruders basically use one of two hacks to gain access to other people’s computers or networks. If time and money is no problem, they can use brute-force methods that simply try every combination of letters, numbers and symbols until a match is found. That takes a lot of patience and computing power, and tends to be the sort of thing only intelligence agencies indulge in.


A more popular, though less effective, way is to use commercial software tools such as “L0phtCrack” or “John the Ripper” that can be found on the internet. These use dictionaries, lists of popular passwords and rainbow tables (lookup tools that turn long numbers computed from alphanumeric characters back into their original plain text) to recover passwords.


According to Bruce Schneier, an independent security expert, today’s password crackers “can test tens even hundreds of millions of passwords per second.” In short, the vast majority of passwords used in the real world can be guessed in minutes. And do not think you are being smart by replacing the letters “l” or “I” in a password with the number “1”; or the letter “s” with the number “5” or the symbol “$”. Cracking programs check all such alternatives, and more, as a matter of course.


What should you do to protect yourself? Choose passwords that are strong enough to make cracking them too time consuming for thieves to bother.


The strength of a password depends on its length, complexity and randomness. A good length is at least eight symbols. The complexity depends on the character set. Using numbers alone limits the choice to just ten symbols. Add upper- and lower-case letters and the complexity rises to 62. Use all the symbols on a standard ASCII keyboard and you have 95 to choose from.


The third component, randomness, is measured by a concept borrowed from thermodynamics – the notion of entropy (the tendency for things to become disordered). In information theory, a tossed coin has entropy of one “bit” (binary digit). That is because it can come down randomly in one of two equally possible binary states.


At the other extreme, when you set the encryption of a Wi-Fi link, you are usually given the choice of 64-bit or even 128-bit security. Those bit-numbers represent the entropy (or randomness) of the encryption used. A password with 64 bits of entropy is as a string of data comprising 64 randomly selected binary digits. Put another way, a 64-bit password would require 2 raised to the power of 64 attempts to crack it by brute force – in short, 18 billion billion attempts. A 64-bit password was finally cracked in 2002 using brute-force methods. It took a network of volunteers nearly five years to do so.


The National Institute of Standards and Technology, the American government’s standards-measuring laboratory in Gaithersburg, Maryland, recommends 80-bit passwords for state secrets and the like. Such security can be achieved using passwords with 12 symbols, drawn from the full set of 95 symbols on the standard American keyboard. For ordinary purposes, that would seem overkill. A 52-bit password based on eight symbols selected from the standard keyboard is generally adequate.


How to select the eight? Best to let a computer program generate them randomly for you. Unfortunately, the result will be something like &*(&* that probably needs to be written down. One answer, only slightly less rigorous, is to use a mnemonic constructed from the first letters (plus contractions) of an easily remembered phrase like “Murder Considered as One of the Fine Arts” (MCa1otFA) or “To be or not to be: that is the question” (2Bo-2B:?).


Given a robust 52-bit password, you can then use a password manager to take care of the dozens of easily guessable ones used to access various web services. There are a number of perfectly adequate products for doing this. In an early attempt to fulfil his new year’s pledge, your correspondent has been experimenting with LastPass, a free password manager that works as an add-on to the Firefox web browser for Windows, Linux or Macintosh. Versions also exist for Internet Explorer on Windows and Safari on the Mac.


Once installed and given a strong password of its own, plus an e-mail address, LastPass encrypts all the logons and passwords stored on your computer. So, be warned: forget your master password and you could be in trouble – especially if you have let the program delete (as it urges you to let it do) all the vulnerable logons and passwords on your own computer.


Thereafter, to visit various web services, all you have to do is log into LastPass and click the website you wish to check out. The tool then automatically logs you on securely to the selected site. It will even complete all the forms needed to buy goods online if you have stored your home address, telephone number and credit-card details in the vault as well.

Your correspondent looks forward to using the service while travelling around Japan over the next month or so. To be on the safe side, however, his dog-eared list of passwords will still go with him.


To the classmate in the post above~~


Comments
The article provides some knowledge on setting password.(hoho the theme could be hacking)

Usually, people are likely to set passwords that are easy to remember. However, according to the writer, the easier the password is to remember the easier it is to crack. In this case, what we need to do to create a strong password is to set an 80-bit password, suggested in the article, which can be achieved by lining up 12 symbols chosen from all the 95 symbols of the standard American keyboard.


I am prone to believe what the article claims. But using a program to manage all my hard-to-remember passwords is really not my way of dealing with encoding. I prefer creating three different passwords for all the encoding, so that I will not forget which password fits which blank. (Well, that could be a problem if one of them is cracked. No kidding--my roommate frequently gets hacked on EVERY LOGON and now he's totally freaked out)

Additionally, in order to make them hard to be cracked, I use symbols that represent some specific interest of mine and make them as long as 16 symbols. However, according to the writer, this way of creating password is in lack of randomness, which is what I am thinking about right now to strengthen all my passwords.(Yep. Great for u.)
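
The arithmetic behind the quoted Economist passage on length, complexity and randomness, together with the common-password and character-substitution checks it mentions, as an added example that is not part of any post or of the article. Function names, the 100-million-guesses-per-second rate (taken from the Schneier quote) and the three extra substitutions are assumptions made here.

```python
import itertools
import math
import secrets
import string

# All 95 printable ASCII symbols on a standard keyboard (space included).
ALPHABET_95 = string.ascii_letters + string.digits + string.punctuation + " "

# The "most popular" passwords the article names.
COMMON = {"123", "password", "password1", "abc123"}

# Substitutions the article says crackers check ("1" for l/i, "5"/"$" for s);
# "0", "@" and "3" are further common ones added here as an assumption.
LEET = {"1": "li", "5": "s", "$": "s", "0": "o", "@": "a", "3": "e"}

SECONDS_PER_YEAR = 365.25 * 24 * 3600
ADEQUATE_BITS = 52  # the article's "generally adequate" figure


def entropy_bits(length, pool):
    """Bits of entropy in `length` symbols drawn uniformly from `pool` symbols."""
    return length * math.log2(pool) if pool > 1 else 0.0


def length_for_bits(target_bits, pool):
    """Fewest random symbols from `pool` that reach `target_bits`."""
    return math.ceil(target_bits / math.log2(pool))


def pool_size(password):
    """Size of the smallest article-style character set covering the password."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        pool += 33  # punctuation and space: 95 - 62
    return pool


def is_common(password, limit=4096):
    """True if the password, with substitutions undone, is on the common list."""
    options = [c + LEET.get(c, "") for c in password.lower()]
    variants = ("".join(p) for p in itertools.product(*options))
    return any(v in COMMON for v in itertools.islice(variants, limit))


def years_to_exhaust(bits, guesses_per_second=1e8):
    """Years to try every value of a `bits`-bit secret at the assumed rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


def generate_password(target_bits=ADEQUATE_BITS, alphabet=ALPHABET_95):
    """Random password from the OS CSPRNG with at least `target_bits` of entropy."""
    n = length_for_bits(target_bits, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(n))


def assess(password):
    """Upper-bound entropy plus a verdict; the bound holds only for random picks."""
    pool = pool_size(password)
    bits = entropy_bits(len(password), pool)
    if is_common(password):
        verdict = "reject: on the common list once substitutions are undone"
    elif bits < ADEQUATE_BITS:
        verdict = "weak: below 52 bits even if every symbol were random"
    else:
        verdict = "adequate only if the symbols were chosen at random"
    return {"pool": pool, "bits": bits, "verdict": verdict}


if __name__ == "__main__":
    # Sample passwords: two from the article's lists, two constructed variants.
    for pw in ["password1", "Pa$$w0rd", "MCa1otFA", "6sDt%k&3"]:
        r = assess(pw)
        print(f"{pw!r:12} pool={r['pool']:2} bits<={r['bits']:.1f}  {r['verdict']}")
    # 12 symbols from 95 give about 78.8 bits, which the article rounds to 80.
    print("12 of 95:", round(entropy_bits(12, 95), 1), "bits;",
          "symbols for a full 80 bits:", length_for_bits(80, 95))
    print("years to exhaust 8 of 95:", round(years_to_exhaust(entropy_bits(8, 95)), 1))
    print("random 80-bit password:", generate_password(80))
```

The entropy figure is a ceiling: it describes a password only when every symbol was picked at random, which is why a mnemonic or a disguised dictionary word can score well here and still be guessed quickly.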

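Posted on 2009-12-27 14:46:37
Catching up on homework
Haha, finally a topic I am familiar with
dog-eared: worn from being leafed through
At the last count: according to the latest tally
aversion: dislike, loathing
resort: to turn to for help
as a matter of course: of course
encryption: enciphering
rigorous: strict, tight
mnemonic: serving as a note for memory
What does the last paragraph mean? I did not get it. After saying so much, why does he still take the little notebook along to be on the safe side? Strange and abrupt.
(Just noticed while writing my comments: does it mean that the software approach is not suitable for travelling away from home, so they still have to take the little notebook along?)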


good things:
1.Unfortunately, the easier a password is to remember, the easier it is for thieves to guess. Ironically, the opposite—the harder it is to remember, the harder it is to crack—is often far from true
2.Choose passwords that are strong enough to make cracking them too time consuming for thieves to bother.

MY COMMENTS:
In our daily life, the internet is indispensable, and people spend more and more time surfing the internet. Forums, free-nets etc. are the main forms. But each forum requires an ID and a matching password. That means if we want to enjoy the net we must remember the trivial passwords first. So how to remember them is a big problem. In the report, the writer gives us some simple methods: recording them in a memo pad, or using some software. I think the first method is not secure. And the second method has some limitations. Firstly, if you remember them relying on Post-it notes, they can easily be stolen by others and can easily be lost. Only if the passwords are not so important can we use this method. Secondly, as for using the software, it is only fit for the local computer. If some people go out for a trip, it's inconvenient, even unrealistic somewhere.
So in my opinion, we should set our ID or password to be easy for ourselves to remember, while others don't know it. And we can make most of them quite similar, or even the same. That is the most practical.

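Posted on 2009-12-27 14:54:20
What does the last paragraph mean? I did not get it. After saying so much, why does he still take the little notebook along to be on the safe side? Strange and abrupt.
(Just noticed while writing my comments: does it mean that the software approach is not suitable for travelling away from home, so they still have to take the little notebook along?)

emteddybear, posted on 2009-12-27 14:46

I think the author is using an interposed-narrative technique: this story leads into the hidden dangers of online passwords, then the focus moves to a series of password issues, and finally the article echoes its opening by returning to that little story. This makes the article feel more complete.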

Posted on 2009-12-27 15:24:01
This is an article that is tightly related to our daily life. With the high speed of development in information technology, people use the web and internet more frequently, and this causes a lot of problems. Usually, when we log in to some forums on the internet, a password is needed, but as there are a lot of passwords, we usually just use some simple numbers or letters in case of forgetting them. Then, intruders basically use one of two hacks to gain access to other people’s computers or networks. So the article mainly helps us to set a good password.
As to the point of randomness, it's so interesting. The writer advises us to let a computer programme generate the words randomly. However, it reminds me of a way of buying lottery tickets in China. This kind of password may be safe but it is also easy to forget.
It is a truth that living in this society, we easily lose privacy, such as our personal information from the CV when we look for a job, images which are posted on the Internet with friends, cell phone numbers and even addresses. So, protection of your information is really necessary. Don't think that your information is not worth making use of by others.
As to the manager software, I am not sure whether it is useful, but there must still be other risks existing. However, thanks to the manager software, by using it we can at least reduce the possibility of losing information.
To sum up, changing the passwords every three months is hard to do, and setting a complex password is hard to remember. So I hope that a new way to secure the safety will come out.

Posted on 2009-12-27 22:04:45
My comment
Since my major in Information Security at college covers exactly the subject of this article, I have a lot of comments to make on it from the professional perspective. The article introduced several methods of password cracking, and described to audiences how powerful the password crackers are. In fact, depending on computer technology, there are many approaches to protect our passwords from being cracked. Unfortunately, just as the article mentioned, it is a very common phenomenon that some people write their usernames and passwords down on scraps of paper, and some others save them in a document that even includes their bank account information. The lack of safety consciousness will bring a great loss.

Tech.view
Passwords aplenty
Dec 18th 2009 | LOS ANGELES
From Economist.com
How to stay sane as well as safe while surfing the web
surfing: Surfing is the activity of looking at different sites on the Internet, especially when you are not looking for anything in particular. (COMPUTING)

AT THIS time of the year, your correspondent crosses the Pacific to Japan for a month or so. He repeats the trip during the summer. He considers it crucial in order to keep abreast of all the ingenious [Something that is ingenious is very clever and involves new ideas, methods, or equipment.] technology which, once debugged by the world’s most acquisitive [If you describe a person or an organization as acquisitive, you do not approve of them because you think they are too concerned with getting new possessions.] consumers, will wind up [to end] in American and European shops a year or two later.

Each time he packs his bags, though, he is embarrassed by having to include a dog-eared [A book or piece of paper that is dog-eared has been used so much that the corners of the pages are turned down or torn.] set of notes that really ought to be locked up in a safe. This is his list of logons and passwords for all the websites he uses for doing business and staying in touch with the rest of the world. At the last count, the inch-thick list accumulated over the past decade or so—your correspondent’s sole copy—includes access details for no fewer than 174 online services and computer networks.

He admits to flouting [If you flout something such as a law, an order, or an accepted way of behaving, you deliberately do not obey it or follow it.] the advice of security experts: his failings include using essentially the same logon and password for many similar sites, relying on easily remembered words—and, heaven forbid [purely for fun, this can be translated as 天理不容, roughly "Heaven will not allow it"], writing them down on scraps of paper. So his new year’s resolution is to set up a proper software vault [storeroom; A vault is a secure room where money and other valuable things can be kept safely.] for the various passwords and ditch [If you ditch something that you have or are responsible for, you abandon it or get rid of it, because you no longer want it. (INFORMAL)] the dog-eared list.

Your correspondent’s one consolation is that he is not alone in using easily crackable words for most of his passwords. Indeed, the majority of online users have an understandable aversion [If you have an aversion to someone or something, you dislike them very much.] to strong, but hard-to-remember, passwords. The most popular passwords in Britain are “123” followed by “password”. At least people in America have learned to combine letters and numbers. Their most popular ones are “password1” followed by “abc123”.

Unfortunately, the easier a password is to remember, the easier it is for thieves to guess. Ironically, the opposite—the harder it is to remember, the harder it is to crack—is often far from true. That is because, not being able to remember long, jumbled sets of alphanumeric characters interspersed with [If one group of things are interspersed with another or interspersed among another, the second things occur between or among the first things.] symbols, people resort to writing them down on Post-it notes left lying around the office or home for all and sundry [All and sundry means everyone.] to see.

Apart from stealing passwords from Post-it notes and the like, intruders [An intruder is a person who goes into a place where they are not supposed to be.] basically use one of two hacks to gain access to other people’s computers or networks. If time and money is no problem, they can use brute-force methods [brute-force cracking] that simply try every combination of letters, numbers and symbols until a match is found. That takes a lot of patience and computing power, and tends to be the sort of thing only intelligence agencies indulge in.
A more popular, though less effective, way is to use commercial software tools such as “L0phtCrack” or “John the Ripper” that can be found on the internet. These use dictionaries, lists of popular passwords and rainbow tables (lookup tools that turn long numbers computed from alphanumeric characters back into their original plain text) to recover passwords.

According to Bruce Schneier, an independent security expert, today’s password crackers “can test tens—even hundreds—of millions of passwords per second.” In short, the vast majority of passwords used in the real world can be guessed in minutes. And do not think you are being smart by replacing the letters “l” or “i” in a password with the number “1”; or the letter “s” with the number “5” or the symbol “$”. Cracking programs check all such alternatives, and more, as a matter of course.

What should you do to protect yourself? Choose passwords that are strong enough to make cracking them too time consuming for thieves to bother.

The strength of a password depends on its length, complexity and randomness. A good length is at least eight symbols. The complexity depends on the character set. Using numbers alone limits the choice to just ten symbols. Add upper- and lower-case letters and the complexity rises to 62. Use all the symbols on a standard ASCII keyboard and you have 95 to choose from.

The third component, randomness, is measured by a concept borrowed from thermodynamics [Thermodynamics is the branch of physics that is concerned with the relationship between heat and other forms of energy.]—the notion of entropy (the tendency for things to become disordered). In information theory, a tossed coin has an entropy of one “bit” (binary digit). That is because it can come down randomly in one of two equally possible binary states.

At the other extreme, when you set the encryption of a Wi-Fi link, you are usually given the choice of 64-bit or even 128-bit security. Those bit-numbers represent the entropy (or randomness) of the encryption used. A password with 64 bits of entropy is as strong as a string of data comprising 64 randomly selected binary digits. Put another way, a 64-bit password would require 2 raised to the power of 64 [2^64] attempts to crack it by brute force—in short, 18 billion billion attempts. A 64-bit password was finally cracked in 2002 using brute-force methods. It took a network of volunteers nearly five years to do so.

The National Institute of Standards and Technology, the American government’s standards-measuring laboratory in Gaithersburg, Maryland, recommends 80-bit passwords for state secrets and the like. Such security can be achieved using passwords with 12 symbols, drawn from [To draw something from a particular thing or place means to take or get it from that thing or place.] the full set of 95 symbols on the standard American keyboard. For ordinary purposes, that would seem overkill. A 52-bit password based on eight symbols selected from the standard keyboard is generally adequate.

How to select the eight? Best to let a computer program generate them randomly for you. Unfortunately, the result will be something like 6sDt%k&3 that probably needs to be written down. One answer, only slightly less rigorous [A test, system, or procedure that is rigorous is very thorough and strict.], is to use a mnemonic [A mnemonic is a word, short poem, or sentence that is intended to help you remember things such as scientific rules or spelling rules.] constructed from the first letters (plus contractions) of an easily remembered phrase like “Murder Considered as One of the Fine Arts” (MCa1otFA) or “To be or not to be: that is the question” (2Bo-2b:?).

Given a robust [in the previous article, "robust" described a system; here it describes a password] 52-bit password, you can then use a password manager to take care of the dozens of easily guessable ones used to access various web services. There are a number of perfectly adequate products for doing this. In an early attempt to fulfil his new year’s pledge, your correspondent has been experimenting with LastPass, a free password manager that works as an add-on to the Firefox web browser for Windows, Linux or Macintosh. Versions also exist for Internet Explorer on Windows and Safari on the Mac.

Once installed and given a strong password of its own, plus an e-mail address, LastPass encrypts all the logons and passwords stored on your computer. So, be warned: forget your master password and you could be in trouble—especially if you have let the program delete (as it urges you to let it do) all the vulnerable logons and passwords on your own computer.

Thereafter, to visit various web services, all you have to do is log into LastPass and click the website you wish to check out. The tool then automatically logs you on securely to the selected site. It will even complete all the forms needed to buy goods online if you have stored your home address, telephone number and credit-card details in the vault as well.

Your correspondent looks forward to using the service while travelling around Japan over the next month or so. To be on the safe side, however, his dog-eared list of passwords will still go with him.

Posted on 2009-12-27 23:37:53
Comment:

Well, it is said that the strength of a password depends on its length, complexity and randomness. To realize this ideal objective, software vendors provide a password manager to throw light upon this plight. However, it is unwise to reckon the password generated from the computer is really random. In fact, the so-called random number is produced by fixed computer operating. In that case, if the first number is fixed, the followed ones can get from some operating system. So it is naive to believe the randomness created by the computer program. On the other hand, it is still fortunate to figure out the progress in safety awareness. No one can satisfy his appetite by depending on his over-simple or seemingly delicate password in such a dangerous world. Information war is not as unfamiliar as it was 20 years ago. No wonder mankind spares no effort to find out more effective ways to secure their private information, especially for the ones that are concerned with their fortune. In spite of the subsequent decipher, the increasing attention on safety still paves the way for the future information safety system. After all, the most horrible thing is not facing the risk, but ignoring the danger without awareness.
Back to Gter, my most beloved paradise!
Heading for the Netherlands!
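
The length-and-character-set arithmetic from the quoted article, together with the point raised in the comment above about computer-generated randomness, as an added example that is not part of the original posts. The function names are illustrative, and the rate of 100 million guesses per second is an assumption taken from within the range of the Schneier quote.

```python
import math
import random
import secrets
import string

# The 95 printable ASCII symbols the article counts on a standard keyboard
# (52 letters, 10 digits, 32 punctuation marks and the space character).
KEYBOARD_95 = string.ascii_letters + string.digits + string.punctuation + " "

def entropy_bits(length, charset_size):
    """Entropy of a password whose symbols are each chosen uniformly at random."""
    return length * math.log2(charset_size)

def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at the given guessing rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

def generate(length, rng=None):
    """Draw each symbol independently; defaults to the OS CSPRNG via secrets."""
    choose = rng.choice if rng is not None else secrets.choice
    return "".join(choose(KEYBOARD_95) for _ in range(length))

def seeded_password(seed, length=8):
    """Deliberately weak: a seeded general-purpose PRNG is fully reproducible,
    so anyone who learns or guesses the seed can regenerate the password."""
    return generate(length, random.Random(seed))

if __name__ == "__main__":
    # Character-set sizes from the article: digits, alphanumerics, full keyboard.
    for n, size in [(8, 10), (8, 62), (8, 95), (12, 95)]:
        bits = entropy_bits(n, size)
        print(f"{n} symbols from {size}: {bits:5.1f} bits, "
              f"{years_to_exhaust(bits, 1e8):.3g} years at 1e8 guesses/s")
    print("OS CSPRNG    :", generate(8))
    print("seeded twice :", seeded_password(2009), seeded_password(2009))
```

The bit counts hold only when every symbol is drawn uniformly at random; a human-chosen or mnemonic password of the same length has less entropy than the formula gives.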

Posted on 2009-12-27 23:40:33
23# emteddybear

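I never managed to look up that dog-eared means worn from being leafed through. Thanks!
Back to Gter, my most beloved paradise!
Heading for the Netherlands!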

Posted on 2009-12-28 00:19:10
Comment

Sorry for my absent mind on this topic. But I will try, and here I will share my life with codes.

For protecting privacy, money and authority, my passwords develop in the following three ways:
1. An easy sentence (BBS/Chatting software)
2. A combination of meaningless numbers, letters and punctuation (Mail/Blog)
3. Random codes recorded in software, Spb Wallet, on my iPod (Online operations like an Internet bank account)

The first two kinds of password are deeply in my mind because I frequently use them. There is nothing much to talk about them. So let’s come to the random codes. I trust software on devices, especially those easily carried. Software on a computer is not convenient; I won’t carry my laptop day and night. But a small device, a mobile phone or iPod, really works because I keep it everywhere. Somebody would argue that there are risks of losing portable devices. In fact, we have synchronization between devices and PC or internet. That may decrease the probability of losing our passwords.

Posted on 2009-12-28 00:42:28
We are getting used to relying on computers for work, communication, and doing other things in our daily lives. Then it brings an inconvenience to our lives if the passwords are forgotten and a threat to our privacy if the passwords are stolen. The report describes how easily the thieves can guess an ordinary password or crack a hard one with software. So we need to choose passwords which are strong enough to protect them from theft. The strength of a password depends on its length, complexity and randomness. The author also teaches us what we should do to choose a strong one. But we know the computer virus named Trojan horse; if our computers suffer from it, no matter how long, complex or random the passwords are, it can steal them easily. What should we conclude? The computer has merit and demerit at the same time?
A heart like a bright sword can cut through ignorance. A heart without walls finds a world without borders.
