The Power Tiller That Won't Obey Commands

In late 2010, the well-known site Gawker and several other sites owned by the Gawker Media group were breached by hackers who stole the usernames and passwords of more than 1.5 million people. The hackers published the stolen login credentials, revealing that a great many people simply used "password" as their password. Knowing that many people use the same password on multiple sites, spammers used the stolen Gawker login credentials to access a large number of accounts on other sites, including Twitter and LinkedIn, with the aim of spreading spam and malicious links.

 



The incident is not unique. In 2009, a data breach exposed the usernames and passwords of 32 million users of the social site RockYou.com, and it's estimated that 10 percent of those login credentials could also be used to access those people's PayPal accounts! These breaches expose the poor password practices of most Internet users and show how easily hackers exploit those practices to compromise countless accounts across many different websites - even those sites that otherwise have strong security.

It's easy to lay blame on users for choosing weak passwords and using the same password on multiple sites, but realistically people simply can't remember a different strong password for every site they register with. Security experts urge people to have strong passwords with at least 12 random characters including letters, numbers and symbols, yet the average user has more than 25 online accounts. The cognitive burden of remembering so many strong passwords is overwhelming, so people resort to old habits despite the security risks.

To improve password practices on the Web - and thereby improve security across all websites - the burden can't rest solely on users. A recent study by Cambridge researchers showed that most websites are guilty of having weak authentication standards and encouraging bad password practices by users. Of the sites studied, under 3% required passwords to be more than six characters long, just 1% required users to include non-alphanumeric symbols in their password, and just 9% performed a simple dictionary check to keep users from choosing "password" as their password.
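The three checks the study measured (minimum length, a non-alphanumeric symbol, a dictionary check) can all be enforced server-side at registration. The sketch below is an added example, not code from the study or from any site named here; the function names `variants` and `check_password` are hypothetical, the denylist is a small constructed sample, and the 12-character minimum is taken from the recommendation quoted above.

```python
import re

# Constructed sample denylist; a real deployment would load a large list of
# common or previously breached passwords instead of these few entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}

# Undo common character substitutions so "P@ssw0rd" is still caught.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "!": "i"})

MIN_LENGTH = 12  # assumption: the length the article says experts recommend


def variants(candidate):
    """Return normalized forms of a password to compare with the denylist."""
    lowered = candidate.lower()
    # Drop trailing digits/symbols ("password2010!" -> "password").
    stripped = re.sub(r"[^a-z]+$", "", lowered)
    return {lowered, lowered.translate(LEET), stripped.translate(LEET)}


def check_password(candidate):
    """Return a list of policy failures; an empty list means accepted."""
    failures = []
    if len(candidate) < MIN_LENGTH:
        failures.append("too_short")
    if not re.search(r"[^A-Za-z0-9]", candidate):
        failures.append("no_symbol")
    # A plain dictionary check misses decorated words, so compare every
    # normalized variant rather than only the literal string.
    if variants(candidate) & COMMON_PASSWORDS:
        failures.append("dictionary_word")
    return failures


if __name__ == "__main__":
    for pw in ("password", "P@ssw0rd2010!", "vT7#qLm2!xRb9&"):
        print(repr(pw), check_password(pw) or "accepted")
```

The second sample shows why length and symbol rules alone are not enough: `P@ssw0rd2010!` is 13 characters with symbols, yet it is still a decorated dictionary word.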

The interconnected nature of the Web, the domino effect of poor password practices, and the amount of sensitive information shared and stored online mean that more websites must make strong authentication standards a priority. The availability of image-based authentication solutions makes it easy for sites to use one-time passwords for logins, which can replace passwords entirely or be added to the password to strengthen the security of the login even if the user has a weak password. The widespread use of mobile phones makes it possible for consumer-facing websites to use two-factor authentication without using tokens, smart cards or biometrics - tools that typically are not practical for use on consumer-facing websites.
