
Is your online password still "123456"? Come on, make it more complex!


Let me hazard a wild guess: the system of passwords you use on the internet – for accessing online banking, email, shopping sites, Twitter and Facebook accounts – is a mess.


You know perfectly well what you ought to be doing: for each site you visit, you should be choosing a different, complex sequence of letters, numbers and symbols, and then memorising it. (That's rule number one of the conventional wisdom on passwords: never, ever write them down.) But you don't do this, because you weren't blessed with a brain that's capable of such feats.


So instead you use the same familiar words for every site – your dog's name, the name of your street – with occasional ingenious permutations, such as adding "123" at the end. Or maybe you do try to follow the rules, in which case you're probably constantly getting locked out of your bank account or trying to remember the answers to various absurd security questions. ("What was your favourite sport as a child?") And things are getting worse: these days, you find yourself forced to choose passwords with both upper- and lower-case letters, and what normal human being can remember multiple combinations of those? Not you, that's for sure.


One reason not to feel too guilty about your bad password behaviour is that it seems to be almost universal. Last month, an analysis of leaked PIN numbers revealed that about one in 10 of us uses "1234"; a recent security breach at Yahoo showed that thousands of users' passwords were either "password", "welcome", "123456" or "ninja". People choose terrible passwords even when more is at stake than their savings.


Password hacking takes many different forms, but one crucial thing to understand is that it's often not a matter of devilish cunning but of bludgeoning with brute force.


This is where the length of your password makes an almost unbelievable difference. For a hacker with the computing power to make 1,000 guesses per second, a five-letter, purely random, all-lower-case password, such as "fpqzy", would take three and three-quarter hours to crack. Increase the number of letters to 20, though, and the cracking time increases, just a little bit: it's 6.5 thousand trillion centuries.


Then there's the question of predictability. Nobody thinks up passwords by combining truly random sequences of letters and numbers; instead they follow rules, like using real words and replacing the letter O with a zero, or using first names followed by a year. Hackers know this, so their software can incorporate these rules when generating guesses, vastly reducing the time it takes to hit on a correct one. If you think you've got a clever system for coming up with passwords, the chances are that hackers are already familiar with it.


The least hackable password, then, would be a long string of completely random letters, numbers, spaces and symbols – but you'd never remember it. However, because length matters so much, the surprising truth is that a longish string of random English words, all in lower case – say, "awoken wheels angling ostrich" – is actually much more secure than a shorter password that follows your bank's annoying rules, such as "M@nch3st3r". And easier to remember: you've already formed a memorable image of some noisy wheels waking up an ostrich fishing by a riverbank, haven't you?
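The comparison above between a random-word passphrase and a rule-following password can be put in numbers. The following Python code is an added example, not part of the original article; only the 1,000 guesses per second comes from the article, while the 7,776-word list (Diceware-sized), the 100,000-entry dictionary and the substitution table are assumptions.

```python
# Added example: search-space estimates for the password styles the article compares.
import math

GUESSES_PER_SECOND = 1_000   # guess rate quoted in the article
WORDLIST_SIZE = 7_776        # assumption: a Diceware-sized list of common words
DICTIONARY_SIZE = 100_000    # assumption: words and place names a guessing tool covers
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$", "t": "7"}  # assumed rule set


def random_string_keyspace(alphabet_size: int, length: int) -> int:
    # Every position is chosen independently and uniformly at random.
    return alphabet_size ** length


def passphrase_keyspace(words: int, wordlist_size: int = WORDLIST_SIZE) -> int:
    # Each word is drawn at random from a list the attacker is assumed to know.
    return wordlist_size ** words


def rule_based_keyspace(password: str, dictionary_size: int = DICTIONARY_SIZE) -> int:
    # Model: dictionary word, first letter upper or lower case, and every
    # letter that has a substitute either swapped or left alone.
    reverse = {v: k for k, v in LEET.items()}
    base = "".join(reverse.get(c, c) for c in password.lower())
    swappable = sum(1 for c in base if c in LEET)
    return dictionary_size * 2 * (2 ** swappable)


def worst_case_seconds(keyspace: int, rate: int = GUESSES_PER_SECOND) -> float:
    # Time to try every candidate once at the given guess rate.
    return keyspace / rate


def bits(keyspace: int) -> float:
    # Search-space size expressed as bits of entropy.
    return math.log2(keyspace)


if __name__ == "__main__":
    cases = {
        "20 random lower-case letters": random_string_keyspace(26, 20),
        "4 random words (awoken wheels angling ostrich)": passphrase_keyspace(4),
        "rule-following word (M@nch3st3r)": rule_based_keyspace("M@nch3st3r"),
    }
    for label, space in cases.items():
        years = worst_case_seconds(space) / (365.25 * 24 * 3600)
        print(f"{label}: {bits(space):.1f} bits, {years:.3g} years worst case")
```

Under these assumptions the rule-following password is exhausted in under two hours, while the four-word passphrase takes more than a hundred thousand years at the same guess rate.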


One day, we may not have to worry about any of this: there are innovations in development that might replace passwords entirely. Touchscreens could be configured to detect subtle aspects of your interactions with your computer – the distances between your fingers, the speeds at which you tap and scroll.
