大腦記不住紛亂密碼 看管理密碼的最佳利器

There's a war raging between hackers and companies, and you're caught in the crossfire. Every time a company gets hacked, you have to change your password. And don't you dare reuse it somewhere else.

黑客和企業之間在發生戰爭，而你也深陷其中。每次企業受到黑客攻擊，你都不得不修改自己的密碼，還不敢在其它地方重新使用這個密碼。

Dreaming up a different password for every site and service is the only way to keep your stuff safe online, but it's also a gigantic nuisance. There's one thing you can -- and should -- do to help: Get a password manager program.

爲每一個網站和每一項服務想一個不同的密碼是讓你的東西在網上獲得安全保證的唯一辦法，但這也是一件大麻煩事。對此，你能夠、也應該做的一件事是：使用密碼管理程序。

I have more than 150 different logins and counting. I'd have to be Rain Man to memorize that many passwords. So I went on a hunt for the best services for storing all my passwords, and whittled down the list to four that get the job done and offer enough security for most of us: 1Password, Dashlane, LastPass and PasswordBox.

我有150多個不同的登錄名，這個數字還在增加。我必須成爲雨人(Rain Man)才能記住那麼多的密碼。因此我開始尋找可以儲存我所有密碼的最好工具，最終將備選名單減少到四個：1Password、Dashlane、LastPass和PasswordBox。它們可以不辱使命併爲我們大多數人提供足夠的安全保證。

LastPass is a good choice for people who use newer technology like fingerprint scanners. For the really paranoid, 1Password offers the most control over where your encrypted vault of passwords gets stored.

LastPass對於使用指紋掃描儀等新技術的人來說是一個很好的選擇，而對於真正的偏執狂來說，1Password可以對你的加密密碼庫的所在位置提供最優的控制服務。

For most people, I recommend Dashlane. It's simple, so you'll actually use it. It may even save you clicks.

對於大多數人，我推薦使用Dashlane。它很簡單，所以你真的會用它，它甚至可以讓你減少你點擊鼠標的次數。

But, wait -- isn't storing all your passwords in one place a terrible idea? It's better than reusing easily remembered passwords everywhere. Password managers hide your information behind a master password that only you know.

不過，等等――把你所有的密碼存放在一個地方，這難道不是一個可怕的想法嗎？這總比在所有地方重複使用輕而易舉就記得住的密碼要好。密碼管理器會把你的信息隱藏在一個只有你才知道的主密碼後面。

Nothing is 100% guaranteed, but all four of these managers take the additional security step of never sending your master password over the Internet. They're like a safety deposit box that a professional keeps without knowing what's inside, or even holding a key to open it.

沒有什麼東西是有100%的保證的，但這四種密碼管理器都採取了額外的安全措施，永遠不會在互聯網上發送你的主密碼。它們就像一個保險箱一樣，保管它的專業人士並不知道里面放的是什麼，甚至沒有打開它的鑰匙。

In an age where more of our personal information lives, password protected, up in the cloud, we need defenses beyond antivirus software. Using a password manager is the next step.

在我們越來越多的個人信息通過密碼保護的方式存儲到雲端的年代，除了殺毒軟件以外，我們還需要額外的防護。使用密碼管理器就是下一步要採取的措施。

Dashlane is like the memory you wish you had. It keeps track of not only passwords, but also credit card numbers and user IDs, filling them in when you need them across many different devices. It also keeps a helpful scorecard on the quality of your existing passwords, and nudges you to improve them.

Dashlane恰如你希望擁有的那種記憶力，它記錄的不光是密碼，還有信用卡卡號及用戶名，當你在諸多不同設備上需要這些信息的時候就可以把它們填進去。Dashlane還有一個用處很大的記分卡，可以評估你現有密碼的可靠性並敦促你加以改進。

Dashlane is free to use on any single device; a $30 annual subscription lets the Dashlane apps automatically sync your data across devices. You can try this premium service free for 30 days.

Dashlane在任何一臺單一設備上都可以免費使用；繳納30美元（約合人民幣187元）的年費就可以讓Dashlane應用軟件自動同步你在各個設備上的數據，你可以免費試用這項高級服務30天。

Setting up Dashlane is a pleasure. Its app slurps up the passwords that been saved unencrypted in your Web browser, and learns new ones as you type them. All of this gets protected by the master password, encrypted in a database on your computer or mobile device. Every time you start your computer or open the Dashlane app, you must log into the app with that master password. (You can make it ask for your password more often, like whenever your device is idle for too long.)

安裝Dashlane是一種樂趣。Dashlane應用會吞噬掉你在網頁瀏覽器中沒有加密的密碼，並在你輸入新密碼時記住它們。所有這一切都得到一個主密碼的保護，主密碼在你的電腦或移動設備上的數據庫中進行了加密。每次你啓動電腦或打開Dashlane應用的時候，你必須用那個主密碼登錄進入該應用。（你可以讓它更頻繁地詢問你的密碼，比如當你的設備太長時間沒有操作的時候。）

Dashlane uses an add-on to Web browsers, including Chrome, Firefox, Internet Explorer and Safari. When you're logging into a site Dashlane knows, it puts a small icon (a dashing impala) in the login box to let you know it can enter your username and password -- even your credit card number. If you tell it to, Dashlane will even press the 'login' button automatically. It doesn't work on every site, but does a better job than most.

Dashlane在網頁瀏覽器上使用的是一個插件，適用的瀏覽器包括Chrome、火狐(Firefox)、IE（Internet Explorer）和蘋果Safari。當你登錄一個網站的時候，Dashlane是知道的，它會在登錄框中放入一個小圖標（一隻奔跑的黑斑羚），以便讓你知道它能夠輸入你的用戶名和密碼――甚至你的信用卡卡號。如果你令其這麼做，Dashlane甚至會自動按下“登錄”鍵。Dashlane的這種功能不是在每一個網站都能奏效，但比起其它大多數應用來效果好多了。

Along the way, Dashlane also tries to improve your security. When you're changing a password or starting a new account, it suggests a strong one that would confound even a supercomputer. And its colorful security scorecard cheerfully humiliates you into replacing weak or repeated passwords.

在這一過程中，Dashlane還會盡力提高你的安全保障。當你在修改密碼或開啓一個新賬戶時，它會建議設置一個甚至可以迷惑一臺超級計算機的強效密碼。它那五彩繽紛的安全記分卡會得意洋洋地奚落你，讓你更換易被破解或重複的密碼。

Where password managers really become helpful is keeping your passwords up-to-date across all sorts of devices -- computers, phones and tablets. (I ruled out the password keepers built into Google's Chrome browser and Apple's iCloud because neither works across all of my stuff.)

密碼管理器真正有用的地方是讓你的密碼可以在各種設備上――電腦、手機和平板電腦――得到更新。（我排除了谷歌(Google) Chrome瀏覽器中內置的密碼管理器和蘋果(Apple)的iCloud，因爲兩者都不能更新我所有的設備上的密碼。）

Dashlane works largely the same way on Android phones and tablets, automatically entering your passwords in apps, though not yet on the default Chrome browser. (The company says it is working on that.)

Dashlane在安卓系統(Android)的手機和平板上的工作方式大致相同，會自動在應用軟件中輸入你的密碼，不過在默認的Chrome瀏覽器上還無法運作。（該公司說它正在解決這個問題。）

On iPhones and iPads, the Dashlane app allows you to copy and paste all of your logins and passwords into a browser, but can't fill them in for you because of Apple's programming rules. (The same problem afflicts most password managers except for PasswordBox, which has figured out a way to auto-login on a handful of big sites on mobile Safari.)

在iPhone和iPad上，Dashlane應用允許你將所有的登錄名和密碼複製、粘貼到瀏覽器，但礙於蘋果公司的編程規則，它不能替你填寫這些信息。（同樣的問題還困擾着除PasswordBox以外的大多數密碼管理器，PasswordBox已經找到一個辦法在移動Safari瀏覽器上自動登錄一些大的網站。）

If you share a computer with family members, Dashlane remembers multiple logins without asking you to set up profiles. And the company says it is close to launching a new families-and-teams version that will make it easier to sync passwords between people who share, say, an Amazon or Netflix account.

如果你與家人共用一臺電腦，Dashlane不用讓你設置配置文件就可以記住多個登錄名。該公司說，它即將推出一款家庭-團隊版本的新管理器，讓那些共用亞馬遜(Amazon)或網飛(Netflix)等賬戶的人之間可以更容易地同步密碼。

Behind the scenes, Dashlane takes some important steps to secure your data. It never sends your master password over the Internet, and it protects your personal data using advanced encryption known as AES-256 before syncing it with your other devices via its servers. Neither Dashlane nor a hacker (or government agency) breaking into the company's systems could access your data without knowing your master password. This setup prevented Dashlane from even being vulnerable to the recent Heartbleed security catastrophe.

在幕後，Dashlane採取了幾項重要措施保證你的數據安全。它永遠不會在互聯網上發送你的主密碼，在通過其服務器將密碼與你的其它設備同步之前，它使用一種名爲AES-256的高級加密技術來保護你的個人數據。Dashlane和侵入公司系統的黑客（或者政府機構）如果不知道你的主密碼，都無法獲取你的數據。這種設置甚至讓Dashlane避過了最近的Heartbleed安全漏洞一劫。

But if you really want to keep your stuff off the Internet, Dashlane gives you that option, too, though you'll need to sync passwords manually across devices. (The password manager that does the best offline syncing is 1Password.)

但如果你實在希望你的密碼不出現在互聯網上，Dashlane也會給你那樣的選擇，不過你需要在設備之間手動同步密碼。（離線同步做得最好的密碼管理器是1Password。）

OK, what happens if somebody manages to get your master password? That could happen if someone installs a piece of keylogging malware on your computer -- and is a good reminder that you should run antivirus software to keep such attacks at bay.

好了，要是有人設法獲取了你的主密碼怎麼辦呢？假如有人在你的電腦上安裝了一款鍵盤記錄惡意軟件，這種事情很可能發生――這對你也是一個很好的提醒，你應該運行殺毒軟件，將那樣的攻擊拒之門外。

But even if that happened, there's an additional layer of security: Dashlane won't let someone unlock your passwords on a new device without first entering an ever-changing code it sends directly to your phone or email.

不過，即便發生了那種事，另外還有一層安全保護措施：如果不先輸入一個直接發送到你手機或電子郵件的隨機驗證碼，Dashlane是不會讓人在一臺新設備上給密碼解鎖的。

This important two-step authentication is only available from Dashlane and LastPass, though PasswordBox says it is working on it. A 1Password spokesman says this additional authentication isn't helpful with its design, where there is no central silo of your data. But I think it helps to know if someone is trying to get into your stuff.

這種兩步驗證身份的重要手段只有Dashlane和LastPass才提供，而PasswordBox說它正在做這項工作。1Password的一名發言人說，這種附加的身份驗證對於1Password的設計來說沒有多大用處，1Password裏沒有你的中央數據庫。但我認爲假如有人試圖進入你的地盤時，這種驗證可以幫你瞭解狀況。

Still, why should you trust Dashlane, a two-year-old startup with two million customers?

那麼，你爲何應該信任Dashlane這家有兩年曆史、兩百萬客戶的初創企業呢？

Because selling security is the only way Dashlane makes money. And if you decide it is not worth $30 a year, Dashlane lets you export your password database in forms that can be read by you or another password manager.

因爲Dashlane賺錢的唯一途徑是賣安全。如果你認爲一年30美元的費用有所不值，Dashlane允許以你或別的密碼管理器可以讀取的方式輸出你的密碼數據庫。

You could even use the old-fashioned technique, and print out the database on paper. As crazy as that sounds, it's still safer than using the same password over and over again.

你甚至可以用老式的手段把數據庫打印在紙上。雖然那聽起來有點瘋狂，但它還是比一遍又一遍地使用相同的密碼更加安全。