開源日報 每天推薦一個 GitHub 優質開源項目和一篇精選英文科技或編程文章原文,堅持閱讀《開源日報》,保持每日學習的好習慣。
今日推薦開源項目:《InfoSpider》
今日推薦英文原文:《Rules for strong passwords don't work, researchers find. Here's what does》

今日推薦開源項目:《InfoSpider》傳送門:項目鏈接
推薦理由:InfoSpider 是一個集眾多數據源於一身的爬蟲工具箱,旨在安全快捷的幫助用戶拿回自己的數據,工具代碼開源,流程透明。並提供數據分析功能,基於用戶數據生成圖表文件,使得用戶更直觀、深入了解自己的信息。 目前支持數據源包括GitHub、QQ郵箱、網易郵箱、阿里郵箱、新浪郵箱、Hotmail郵箱、Outlook郵箱、京東、淘寶、支付寶、中國移動、中國聯通、中國電信、知乎、嗶哩嗶哩、網易雲音樂、QQ好友、QQ群、生成朋友圈相冊、瀏覽器瀏覽歷史、12306、博客園、CSDN博客、開源中國博客、簡書。
今日推薦英文原文:《Rules for strong passwords don't work, researchers find. Here's what does》作者:Laura Hautala
原文鏈接:https://www.cnet.com/news/rules-for-strong-passwords-dont-work-researchers-find-heres-what-does/
推薦理由:在人均網路衝浪的今天, 我們面對海量app, 也在這些app上創建了無數的賬號, 人們也開始更加關注自己的賬號安全. 這篇文章將提供一些實用的tips來提升你的密碼可靠度.

Rules for strong passwords don't work, researchers find. Here's what does

When you create a password for yet another new account, you'll probably encounter familiar rules designed to make it harder for hackers to get in: Use capitals letters, numbers and special characters. However, researchers at Carnegie Mellon University say these requirements don't make your password stronger.

Lorrie Cranor, director of the CyLab Usable Security and Privacy Laboratory at CMU, says her team has a better way, a meter that websites can use to prompt you to create more-secure passwords. After a user has created a password of at least 10 characters, the meter will start giving suggestions, such as breaking up common words with slashes or random letters, to make your password stronger.

The suggestions set the password strength meter apart from other meters that provide an estimated password strength, often using colors. The suggestions come from common pitfalls Cranor's team has seen people make when they set up passwords during experiments run by the lab.

One of the problems with many passwords is that they tick all the security checks but are still easy to guess, because most of us follow the same patterns, the lab found. Numbers? You'll likely add a "1" at the end. Capital letters? You'll probably make it the first one in the password. And special characters? Frequently exclamation marks.

CMU's password meter will offer advice for strengthening a password like "ILoveYou2!" -- which meets the standard requirements. The meter also offers other advice based on what you type in, such as reminding you not to use a name or suggesting you put special characters in the middle of your password.

"It's relevant to what you're doing, rather than some random tip," Cranor said.

In an experiment, users created passwords on a system that simply required them to enter 10 characters. Then the system rated the passwords with the lab's password strength meter and gave tailored suggestions for stronger passwords. Test subjects were able to come up with secure passwords that they could recall up to five days later. It worked better than showing users preset lists of rules or simply banning known bad passwords (I'm looking at you "StarWars").

Cranor and co-authors Joshua Tan, Lujo Bauer and Nicolas Christin will present their latest password findings on Thursday at the ACM Conference on Computer and Communications Security, which is being held virtually. The team hopes its tools will be adopted by website makers in the future.

In the meantime, Cranor says the best way to create and remember secure passwords is to use a password manager. Those aren't widely adopted, and they come with some trade-offs. Nonetheless, they allow you to create a random, unique password for each account, and they remember your passwords for you.
下載開源日報APP:https://openingsource.org/2579/
加入我們:https://openingsource.org/about/join/
關注我們:https://openingsource.org/about/love/