Everything you ever wanted to know about secure password reset. Part 1

I recently had occasion to think again about how a secure password reset feature should work, first when I was building this functionality into ASafaWeb, and then when I helped someone else do the same. In the second case, I wanted to give him a link to a canonical source containing all the information on how to implement a reset feature securely. The problem, however, is that no such source exists, at least not one that describes everything that seems important to me. So I decided to write it myself.

You see, the world of forgotten passwords is actually rather mysterious. There are many different, perfectly acceptable approaches and many risky ones. The chances are you have run into several of them as an end user, so I will use those examples to show who is doing it right, who is not, and what you should pay attention to when building the feature in your own application.


Password storage: hashing, encryption and (gasp!) plain text

We cannot discuss what to do with forgotten passwords without first discussing how to store them. Passwords are stored in a database in one of three main forms:

  1. Plain text. There is a password column, and the password is stored in it in plain text form.
  2. Encrypted. Usually with symmetric encryption (one key is used for both encryption and decryption), and the encrypted passwords are again stored in a single column.
  3. Hashed. One way (the password can be hashed but cannot be reversed); the password, I would hope, followed by a salt, each in its own column.

Let us start with the simple point: never store passwords in plain text! Never. A single injection vulnerability, one careless backup, or any of a dozen other simple mistakes, and that is it, game over: all your passwords, that is, sorry, all your customers' passwords become public domain. Of course, this would most likely mean that all their passwords for all their accounts on other systems are compromised too. And it will be your fault.

Encryption is better, but it has its weakness. The problem with encryption is decryption; we can take those crazy-looking ciphertexts and turn them back into plain text, and once that happens we are back to a human-readable password. How does this happen? A small bug creeps into the code that decrypts the password and exposes it in the clear: that is one way. Hackers gain access to the machine on which the encrypted data is stored: that is the second way. Yet another way is to steal the database backup, and then someone also obtains the encryption key, which is often stored insecurely.

And this brings us to hashing. The idea behind hashing is that it is one-way; the only way to compare a user-entered password with the hashed version is to hash the input and compare. To protect against attacks with tools such as rainbow tables, we add randomness to the process with a salt (read my post on cryptographic storage). Ultimately, if it is done properly, we can be confident that hashed passwords will never become plain text again (I will talk about the merits of different hashing algorithms in another post).

A quick note on hashing vs. encryption: the only reason you would want to encrypt rather than hash a password is when you need to see the password in plain text, and you should never need this, at least in a typical website scenario. If you do need it, then most likely you are doing something wrong!

A note on the screenshots!

Below in the post there are screenshots of part of the adult website AlotPorn. They have been cropped so that there is nothing inappropriate on the screen, but if that still bothers you, do not scroll down.

Always reset the password, never remind it

Have you ever been asked to build a password reminder feature? Take a step back and think about this request in reverse: why is this "reminder" needed? Because the user forgot their password. What do we really want to do? Help them log in again.

I know the word "reminder" is (often) used colloquially, but what we are really trying to do is securely help the user get back online. Since we need security, there are two reasons why a reminder (i.e. sending the user their password) is unsuitable:

  1. Email is an insecure channel. Just as we would not send anything sensitive over HTTP (we would use HTTPS), we should not send anything sensitive over email, because its transport is insecure. In fact, this is much worse than simply sending information over an insecure transport protocol, because mail is often stored on a storage device, accessible to system administrators, forwarded and distributed, accessible to malware, and so on. Unencrypted email is a highly insecure channel.
  2. You should not have access to the password anyway. Reread the previous section on storage: you should have a hash of the password (with a good strong salt), which means you should not be able to extract the password and send it by email.

Let me illustrate the problem with the example of usoutdoor.com. Here is a typical login page:

[Screenshot]

Obviously, the first problem is that the login page is not served over HTTPS, but the site also offers to send you the password ("Send Password"). This may be an example of the colloquial usage mentioned above, so let us take a step further and see what happens:

[Screenshot]

It does not look any better, unfortunately, and the email confirms that there is a problem:

[Screenshot]

This tells us two important things about usoutdoor.com:

  1. The site does not hash passwords. At best they are encrypted, but it is quite possible they are stored in plain text; we see no evidence to the contrary.
  2. The site sends a long-lived password (we can come back and use it again and again) over an insecure channel.

With that out of the way, we have to check whether the reset process itself is carried out securely. The first step is making sure the requester has the right to perform the reset. In other words, before anything happens we need an identity check; let us look at what happens when identity is verified without first proving that the requester is the account owner.

Enumerating usernames and its effect on anonymity

This problem is best illustrated visually:

[Screenshot]

Do you see it? Look at the message "No user is registered with this email address." The obvious problem arises when a site like this confirms the existence of a user registered with a given email address. Bingo: you have just caught out your husband/boss/neighbour!

Yes, porn is a clear example of the importance of privacy, but the risks of linking a person to a particular website are much broader than the potentially awkward scenario described above. Another risk is social engineering; if an attacker can match a person to a service, then they have information they can begin to exploit. For example, they could contact the person pretending to be a representative of the website and request further information in a spear phishing attempt.

Practices like this also raise the risk of "username enumeration", where someone can confirm the existence of a whole collection of usernames or email addresses on a website simply by submitting batches of requests and examining the responses. Have a list of all employees' email addresses and a few minutes to write a script? Then you can see what the problem is!

What is the alternative? It is actually simple, and it is done remarkably well here:

[Screenshot]

Here Entropay says nothing at all about whether the email address exists in its system to anyone who does not own that address. If you do own the address and it is not in the system, then you receive an email like this:

[Screenshot]

Of course, there may be legitimate situations in which someone believes you registered on the website but you did not, or you did so from a different email address. The example shown above handles both situations well. Obviously, if the address does match, you receive an email that lets you reset your password.

The trick of the approach chosen by Entropay is that identity verification is done by email before any online verification takes place. Some websites ask users to answer a security question (more on that below) before the reset can even start; the problem with that, however, is that you have to answer the question while supplying some other identifier (email or username), which makes it impossible to respond intuitively without revealing the existence of an unknown user's account.

This approach carries a slight reduction in usability, because if you try to reset a non-existent account there is no immediate feedback. Yes, that is the whole point of sending the email, but from the point of view of a real end user, if they entered the wrong address, they only find out when they receive the email. This may cause some friction on their side, but it is a small price to pay for an uncommon scenario.

One more note, slightly off topic: login help features that indicate whether the username or the email address was correct have the same problem. Always respond to the user with a "Your username and password combination is invalid" message rather than explicitly confirming the existence of credentials (for example, "username correct, but password incorrect").

Sending a reset password vs. sending a reset URL

The next concept we need to discuss is how the password is reset. There are two popular solutions:

  1. Generate a new password on the server and email it
  2. Email a unique URL that facilitates the reset

Despite many guides recommending it, the first approach should never be used. The problem is that it means there is a persistent password, which you can go back and reuse at any time; it is sent over an insecure channel and stays in your inbox. Chances are that inboxes are synced to mobile phones and email clients, and may also be stored online in a webmail service for a long time. The point is that a mailbox cannot be considered a reliable place for long-term storage.

But beyond that, the first approach has another serious problem: it makes it as easy as possible to lock someone out of an account maliciously. If I know the email address of someone with an account on the website, then I can lock them out at any time simply by resetting their password; it is a denial-of-service attack served on a silver platter! That is why a reset should only be performed after the requester's right to it has been successfully verified.

When we talk about a reset URL, we mean a website address that is unique to this particular reset. Of course, it must be random, it must not be easy to guess, and it must not contain any external reference to the account that would make the reset easy to forge. For example, the reset URL must not simply be a path like "Reset/?username=JohnSmith".

We want to create a unique token that can be sent in the reset URL and then matched against the server-side record of the user's account, thereby confirming that the account owner is indeed the same person trying to reset the password. For example, the token could be "3ce7854015cd38c862cb9e14a1ae552b" and be stored in a table together with the ID of the user performing the reset and the time the token was created (more on that below). When the email is sent, it contains a URL like "Reset/?id=3ce7854015cd38c862cb9e14a1ae552b", and when the user loads it, the page checks that the token exists, after which it confirms the user's details and allows them to change the password.

Of course, since the process above (hopefully) allows the user to create a new password, we must make sure the URL is loaded over HTTPS. No, submitting the form with a POST request over HTTPS is not enough; this token URL must itself use transport layer security so that the new password form cannot be tampered with by a MITM and the user's new password travels over a secure connection.

The reset URL should also carry a time limit on the token so that the reset process expires within a certain period, say within an hour. This keeps the reset window short, so that whoever receives the reset URL can only act within that small window. Of course, an attacker can start the reset process again, but they will have to obtain another unique reset URL.

Finally, we must make sure this is a one-time process. Once the reset is complete, the token should be deleted so that the reset URL no longer works. As with the previous point, this ensures an attacker has only a small window in which to abuse the reset URL. And of course, once the reset has succeeded, the token is no longer needed.

Some of these measures may seem excessive, but they do not harm usability and they do improve security, albeit in situations we expect to be rare. In 99% of cases, the user will complete the reset within a very short time and will not reset the password again any time soon.
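Here is the whole flow from the two sections above in one place: a request endpoint that answers identically whether or not the address is registered (the Entropay pattern), a random reset token stored with the user ID and creation time, a one-hour expiry, single use, and a salted hash written on completion. This is an added example and not code from the original post; the in-memory tables, the outbox list and the example.test host are constructed stand-ins for a database and a mail sender.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 3600          # the one-hour window recommended above
PBKDF2_ROUNDS = 200_000

# Constructed in-memory stand-ins for the users and reset-token tables.
# The password is kept as a salt and a hash in separate fields, never in the clear.
USERS = {"alice@example.com": {"id": 1, "salt": None, "pw_hash": None}}
RESET_TOKENS = {}   # token -> {"user_id": int, "created": float}
OUTBOX = []         # (recipient, body) captured here instead of being sent

# The HTTP response is identical whether or not the address is registered.
GENERIC_REPLY = "If that address is registered, an email with further instructions is on its way."


def request_reset(email, now=None):
    """Start a reset without telling the requester whether the account exists.
    Only the email differs: the owner of an unregistered address is told so privately."""
    now = time.time() if now is None else now
    user = USERS.get(email)
    if user is None:
        OUTBOX.append((email, "A reset was requested for this address, but no account exists here."))
        return GENERIC_REPLY
    token = secrets.token_hex(16)   # 128 random bits; nothing about the user is encoded in it
    # A production store would keep a hash of the token rather than the token itself.
    RESET_TOKENS[token] = {"user_id": user["id"], "created": now}
    OUTBOX.append((email, f"https://example.test/Reset/?id={token}"))
    return GENERIC_REPLY


def complete_reset(token, new_password, now=None):
    """Consume a token. It must exist and be younger than the TTL, and it is
    removed on every outcome, so the reset URL works at most once."""
    now = time.time() if now is None else now
    record = RESET_TOKENS.pop(token, None)
    if record is None or now - record["created"] > RESET_TTL_SECONDS:
        return False
    user = next(u for u in USERS.values() if u["id"] == record["user_id"])
    user["salt"] = secrets.token_bytes(16)
    user["pw_hash"] = hashlib.pbkdf2_hmac("sha256", new_password.encode(), user["salt"], PBKDF2_ROUNDS)
    return True


def verify_password(email, password):
    """Login check: hash the submitted password with the stored salt and compare in constant time."""
    user = USERS.get(email)
    if user is None or user["pw_hash"] is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, user["pw_hash"])
```

The `now` parameter exists only so the expiry can be exercised deterministically; a real handler would take the clock from the system.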

The role of CAPTCHA

Ah, CAPTCHA, the security feature we all love to hate! Actually, CAPTCHA is not so much a protective tool as an identification one: are you a human or a robot (or an automated script)? Its purpose is to prevent automated form submission, which, of course, may be used in an attempt to break security. In the context of password reset, CAPTCHA means the reset feature cannot be brute-forced to spam a user or to probe for the existence of an account (which, of course, is not possible anyway if you followed the advice in the identity verification section).

Of course, CAPTCHA itself is not perfect; there are plenty of precedents of software "cracking" it with decent success rates (60-70%). Moreover, there is the approach shown in my post on cracking CAPTCHA with humans alone, where you can pay people fractions of a cent to solve each CAPTCHA and get a 94% success rate. So it is vulnerable, but it (slightly) raises the bar to entry.

Let us look at the PayPal example:

[Screenshot]

In this case, the reset process cannot begin until the CAPTCHA has been solved, so theoretically it is impossible to automate the process. In theory.

However, for most web applications this would be overkill and in fact represents a reduction in usability: people just do not like CAPTCHA! In addition, CAPTCHA is something you can easily fall back on if needed. If the service starts being attacked (this is where logs come in handy, but more on that later), adding a CAPTCHA could not be easier.

Secret questions and answers

With all the approaches we have considered, the password could be reset simply by having access to the email account. I say "simply", but of course gaining unauthorised access to someone else's email account should be a difficult process. However, that is not always the case.

Actually, the link above about the hack of Sarah Palin's Yahoo! account serves two purposes: first, it shows how easy it is to hack (some) email accounts, and second, it shows how security questions can be used for malicious purposes. But we will come back to that later.

The problem with entirely email-based password resets is that the integrity of the account on the site you are trying to reset becomes wholly dependent on the integrity of the email account. Anyone who can access your email has access to any account that can be reset simply by receiving an email. For such accounts, email is the "key to every door" of your online life.

One way to reduce this risk is to use a security question and answer pattern. No doubt you have seen them before: choose a question that only you should know the answer to, and when you reset your password you will be asked it. This increases confidence that the person trying to perform the reset is the account owner.

Back to Sarah Palin: the mistake was that the answers to her security question(s) could be found easily. Especially if you are a prominent public figure, information such as your mother's maiden name, your education history, or where you may have lived in the past is not all secret. In fact, most of it can be found by almost anyone. This is what happened to Sarah:

Hacker David Kernell gained access to Palin's account by researching her background information, such as her university and date of birth, and then using Yahoo!'s forgotten password recovery feature.

First of all, this is a design error on Yahoo!'s part: by defining such simple questions, the company undermined the value of the security question, and with it the security of its system. Of course, resetting the password of an email account is always harder, since you cannot verify the owner by sending them an email (without having a secondary address), but fortunately there are not many use cases for building such a system today.

Back to security questions: there is the option of letting the user create their own questions. The problem is that this leads to obvious questions:

What colour is the sky?

Questions that make people uncomfortable when the security question is used to identify a person (for example, in a call centre):

Who did I sleep with at Christmas?

Or simply silly questions:

How do you spell "password"?

When it comes to security questions, users need to be saved from themselves! In other words, the security question should be controlled by the site itself, or at least chosen from a series of security questions that the site offers. And choosing one is not enough; ideally the user should choose two or more security questions when registering the account, which are then used as a second means of identification. Having several questions increases confidence in the verification process, makes it possible to add randomness (not always showing the same question), and also provides a degree of redundancy if the genuine user forgets one.

What makes a good security question? This depends on several factors:

  1. It should be short: the question must be clear and unambiguous.
  2. The answer should be specific: we do not want a question that one person might answer differently each time.
  3. The possible answers should be diverse: asking for someone's favourite colour gives a small set of possible answers.
  4. Finding the answer should be hard: if the answer can be found easily by anyone (remember people in prominent positions), then the question is bad.
  5. The answer should be constant over time: if you ask for someone's favourite film, a year later the answer may be different.

As it happens, there is a website dedicated to good security questions called GoodSecurityQuestions.com. Some of the questions seem good; others fail some of the tests described above, especially the "ease of searching" test.

Let me show how PayPal uses security questions and, in particular, how much the site invests in verification. Above we saw the page that starts the process (with the CAPTCHA); here is what happens after you enter your email address and solve the CAPTCHA:

[Screenshot]

As a result, the user receives the following email:

[Screenshot]

So far everything is normal, but here is what hides behind this reset URL:

[Screenshot]

So the security questions come into play. But PayPal also lets you reset your password by verifying your credit card number, so there is another channel that most sites do not have access to. I cannot change my password without answering both security questions (or knowing the card number). Even if someone hacked my email, they could not reset my PayPal account unless they knew a fair amount of information about me. What kind of information? Here are the security question choices PayPal offers:

[Screenshot]

The school and hospital questions may be a little weak in terms of ease of searching, but the others are not too bad. However, to increase security further, PayPal requires an additional form of identification to change the answers to the security questions:

[Screenshot]

PayPal is a good example of secure password reset: it uses a CAPTCHA to reduce the risk of brute-force attacks, requires two security questions, and then requires another, entirely different form of identification to change the answers, and this after the user has already signed in. Of course, this is exactly what we would expect from PayPal; it is a financial institution that handles a lot of money. This does not mean every password reset should follow these steps (most of the time it would be overkill), but it is a good example for cases where security is serious business.

The convenience of the security question system is that if you did not implement it from the start, you can add it later when the level of protection the assets require calls for it. A good example of this is Apple, which has just implemented this approach [the article was written in 2012]. As soon as I started updating an application on my iPad, I saw the following prompt:

[Screenshot]

Then I saw a screen where I could choose several security questions and answers, along with a recovery email address:

[Screenshot]

As with PayPal, the questions are predefined and some of them are quite good:

[Screenshot]

Each of the three question/answer pairs draws on a different set of possible questions, so there are many ways to configure the account.

Another thing to think about regarding answers to security questions is storage. Having the answers in plain text in a database poses the same threat as plain-text passwords, meaning that exposing the database immediately reveals the values and puts not just this application at risk, but potentially an entirely different application that uses the same security questions (there is that acai berry question again). One option is secure hashing (a strong algorithm and a cryptographically random salt), but unlike most password storage cases, there may be a good reason for the answer to be viewable in plain text. The typical scenario is identity verification for someone calling by phone. Of course, hashing works in this case too (the operator can simply type in the answer the customer gives), but at the very least the secret answer should be under some level of cryptographic protection, even if only symmetric encryption. In short: treat secrets as secrets!
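The question-selection rules above (site-controlled catalogue, two or more questions, a randomly chosen challenge) and the storage point just made are shown together below. This is an added example, not code from the original post; the question catalogue and the PBKDF2 parameters are constructed choices, and it takes the hashing route rather than encryption, so it suits the self-service reset rather than the call-centre case.

```python
import hashlib
import hmac
import secrets
import unicodedata

PBKDF2_ROUNDS = 100_000
MIN_QUESTIONS = 2   # the post recommends registering two or more questions

# Constructed catalogue: the site, not the user, writes the questions, so
# "What colour is the sky?" can never be enrolled.
QUESTIONS = {
    1: "What was the name of your first pet?",
    2: "In which city did your parents meet?",
    3: "What was the make of your first car?",
}


def normalise(answer):
    """Fold case, accents and stray whitespace so 'Fluffy ' and 'fluffy' verify the same."""
    decomposed = unicodedata.normalize("NFKD", answer)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(stripped.casefold().split())


def hash_answer(answer, salt):
    """Salted, iterated hash of the normalised answer; the answer itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", normalise(answer).encode(), salt, PBKDF2_ROUNDS)


def enrol(chosen):
    """chosen maps question id -> answer. Returns what gets stored: salt and hash only."""
    if len(chosen) < MIN_QUESTIONS:
        raise ValueError(f"choose at least {MIN_QUESTIONS} questions")
    unknown = set(chosen) - set(QUESTIONS)
    if unknown:
        raise ValueError(f"unknown question ids: {sorted(unknown)}")
    records = {}
    for qid, answer in chosen.items():
        salt = secrets.token_bytes(16)
        records[qid] = (salt, hash_answer(answer, salt))
    return records


def pick_challenge(records, how_many=1):
    """Randomly select which enrolled question(s) to ask, so the same one is not always shown."""
    ids = sorted(records)
    chosen = []
    while len(chosen) < min(how_many, len(ids)):
        qid = secrets.choice(ids)
        if qid not in chosen:
            chosen.append(qid)
    return chosen


def check_answers(records, answers):
    """Every asked question must verify (PayPal-style: two questions, both right).
    Every answer is evaluated even after a failure, so timing does not reveal which one failed."""
    ok = len(answers) > 0
    for qid, answer in answers.items():
        if qid not in records:
            ok = False
            continue
        salt, digest = records[qid]
        ok &= hmac.compare_digest(hash_answer(answer, salt), digest)
    return ok
```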

One last point about security questions and answers is that they are vulnerable to social engineering. Trying to extract someone's account password directly is one thing, but starting a conversation about what it is made of (a popular security question) is something else entirely. In fact, you can chat with someone about many aspects of their life that could reveal a secret question without arousing suspicion. Of course, the whole point of the security question is that it relates to a person's life, so it is not forgotten, and that is the problem: people like to talk about the events of their lives! There is little you can do about this, other than choosing the security question options so that they are less likely to be disclosed through social engineering.

[To be continued.]


Source: www.habr.com