Using Blockchain to Identify Fake Traffic
You are uniquely you. After six decades of having to prove it repeatedly to your computer, it’s time machines got smart enough to know the difference.
Around 60 years ago when computer logins first appeared on time-sharing systems & bulletin boards, the average person didn’t use computers at all, and the few who did typically logged onto a single system using a single username & password.
Even back then, passwords caused mayhem: users commonly forgot them or shared them with others, burdening support teams with password reset requests and enabling security breaches that led to stolen data.
Today, the same issues happen, but on a much larger scale. The average person has passwords for their personal computer, smartphone, tablet, office computer, software applications — and typically over 130 online accounts, according to a 2015 study by Dashlane. All of these accounts have passwords.
Passwords don’t work in today’s world the way they’re supposed to, because the best practices for passwords don’t work at all:
Use Unique Passwords: Poorly built software & web-apps can be compromised, and if you use the same password everywhere, a hacker can log in with your email address anywhere else you’ve used that password.
Don’t Write Them Down: It’s not considered secure to write down your logins & passwords, and most corporate security policies actually prohibit this. You’re instead recommended to choose passwords you can easily remember.
Change Them Regularly: The general rule of thumb is to change your passwords every 90 days. Some applications require this as a precaution against password leaks that you might not be aware of yet.
Don’t Use Dictionary Words: Hackers may use a “dictionary attack” to guess the password for your login, which is why most modern software requires a combination of upper & lower case letters, mixed with numbers and special symbols (like *, !, %).
Keeping track of 130+ passwords in your head is too much for most people to remember, and if you follow best-practices it’s not humanly possible to remember them all — especially when you change them every 3 months. That’s why people cheat with easy passwords, which leads to hacks.
Back in January 2019, Monster.com lost 773 million plain-text account passwords to hackers, adding it to a list of mega-hacks including Dropbox (68 million accounts), LinkedIn (117 million), Yahoo (200 million), MySpace (359 million) and many more.
In fact, the breach notification service, Have I Been Pwned, which broke the story on the Monster.com hack, currently stores records of over 9.1 billion hacked account logins from over 416 prominent online services on the web, which suggests that even if the average person was able to follow best-practices for password security, there’s no guarantee that their accounts are secure.
The other notable finding from these hacks is a list of common passwords compiled by the UK’s NCSC, with the top-5 most common being 123456, qwerty, password, 111111, and abc123. This demonstrates the reality of passwords: most users tend to rely on a few simple, easily-remembered passwords that they use for all their account logins, which undermines every principle of password security.
In today’s world, the solution to password overload has been to consolidate various logins & passwords either through password managers or OAuth logins — which let you use the credentials of a major web account (like Gmail) to sign into other accounts (like Medium).
These solutions work for most people, most of the time — but they don’t address the underlying issue, they just try to make the symptoms bearable.
Password managers & keychains, for example, can generate & store passwords for you, allowing you to automatically log in to accounts with stored values from your PC or cloud account — but they have real limitations.
For instance, updating a password in Chrome won’t notify Apple Keychain, updating a password on your work PC typically won’t update credentials on your home PC, and updating a password on your phone almost never updates your PC. It ameliorates the problem, but also turns it into a game of chance.
Another approach is OAuth, an open standard for access delegation that allows you to sign up & log in to web-apps like Medium using credentials from your Google or Microsoft account. It consolidates your credentials, but still suffers from issues with updates across devices, as well as a general lack of consistency in implementation.
In the last decade, mobile phone manufacturers have turned to fingerprint & face-recognition technology as an alternative to the traditional username & password combination.
Rather than repeatedly typing in your credentials to prove your identity, these biometric technologies shift the burden of proof to the machine to correctly identify you, and automatically enter your stored credentials as required.
Biometrics alone don’t solve the issue with passwords, but combining biometrics with blockchain identity management could be a path forward. Companies like Accenture, Kairos, Veridium, and others are already exploring the idea, with a slew of whitepapers on their proposed solutions available online.
Imagine decentralized, encrypted login management, keyed to biometric parameters like your finger- or facial-print, which makes your credentials a portable, singular dataset that’s tied uniquely to you — not trapped on your computer, owned by your cloud provider, or locked in the app you’re using.
That’s the paradigm shift: rather than a shell game of logins & passwords to prove your identity, you have a single login, using your fingerprint or face as the password, that’s used to access all of your devices & apps, all of the time.
Translated from: https://medium.com/crypto-spotlight/passwords-suck-can-biometric-blockchain-identity-management-do-better-13807ca63c1c