From NPR this week. Too many passwords to remember? Buy an app and let it do the work for you!
Click here to download the audio file
Click here to download the fill-in-the-blank worksheet
Click here to download the annotated answer key
Prevent Your Password From Becoming Easy Pickings (Or PyPfbEp)
by Wendy Kaufman
Recent news that 6.5 million passwords were stolen from LinkedIn got us thinking once again about those security words and phrases. Their strength depends on how clever or how lazy we are when we dream them up. Which raises the question of how we can make our online accounts a little bit safer. NPR's Wendy Kaufman has some suggestions.
WENDY KAUFMAN, BYLINE: Aaron Brown and Erin Gilmer have very different approaches to passwords. When I caught up with them in a suburban Seattle mall, he said...
AARON BROWN: I try to keep as few as possible.
KAUFMAN: And she said I have too many.
ERIN GILMER: They're totally weird. I just make up a different one for a different thing every time, usually doesn't even make any sense. Most of the time I can't remember it later.
KAUFMAN: And therein lies the conundrum. If passwords are simple, they're not very secure. But when they're complicated, they're hard to use. Perhaps not surprisingly, simplicity usually wins out and hackers are happy about that.
EVE MALER: In the LinkedIn case, hackers stole data that LinkedIn had in a database somewhere that was supposed to be protected.
KAUFMAN: That's Eve Maler. She's a security and risk analyst at Forrester Research.
MALER: What they ended up getting for their trouble was password hashes. They're kind of like encrypted versions of passwords, looks like gobbledygook.
KAUFMAN: But in some cases attackers can decipher gobbledygook and get the actual passwords, especially if those passwords are not very robust. There's no evidence that's happened in this case, at least so far. But many of us use just one password for all our accounts. So if the bad guys have your LinkedIn password, they may also have the one for your online banking.

And researcher Joseph Bonneau, a password expert, says the passwords people pick are often easy to figure out. He notes the grand champion in popularity is 1-2-3-4-5-6.
JOSEPH BONNEAU: Counting from one up to five, or to eight are also pretty popular. Password's pretty popular. There's a few things that are patterns on the keyboard, like QWERTY. And then you kind of get into a couple of nicknames and terms of endearment that you see, like princess is usually in the top 10.
KAUFMAN: Bonneau, who's been studying at Cambridge University, has looked at a lot of passwords. While interning at Yahoo, he analyzed a database of more than 70 million of them. They were anonymous but he learned some interesting things about the users. For example, Baby Boomers used more secure passwords than their kids. Forty-five to 55 year olds used the strongest passwords and teenagers used the weakest.

And here's the most sobering part of his research. Bonneau says even passwords you think are quite strong may not be tough enough to thwart a committed attacker. So what's an ordinary user to do? Bonneau's advice is pragmatic: don't sweat the small stuff.
BONNEAU: So really, I just tell people don't reuse your important password. You know, figure out the one or two accounts you have - maybe your banking website and maybe your primary email address - use as good of a password as you can manage for them. And then you can really forget about the rest.
KAUFMAN: He means don't worry too much about the passwords you use on accounts that don't contain sensitive information. That's the password philosophy adopted by John Perkins, a recent high school graduate.
JOHN PERKINS: Something that I'm buying at the local video store will be three characters. And then my bank account will be 20 to 30 characters.
KAUFMAN: And a very strong password would include random, that's right, random upper and lower case letters, numbers and symbols. One suggestion is to take a line you can remember and convert it to a nonsensical password. So for example the phrase: My kids like to build with two-by-fours would become capital M, the letter K, then L, T, B and so on. That's not likely to show up in a hacker's dictionary.

Another security hint: Make up the answers to security verification questions. There's no rule that says you have to give the name of a pet, just because the form asks for it.

And one final suggestion, and it's a big one: Use a password manager or password wallet. These apps allow you to securely store complex passwords and other account information in one place. Jennifer Garland simply logs in using a master password and the app does the rest of the work.
JENNIFER GARLAND: It's the one password that I really have to remember, because I think if I lose that password, then I lose all my passwords.
KAUFMAN: And that would present a gigantic password headache. Wendy Kaufman, NPR News.
INSKEEP: This is NPR News.