密码的管理和使用
一个弱口令往往是入侵的突破口之一。
拿IT从业者云集的CSDN600多万个密码统计出来的一个使用频次最高的密码列表,绝对是弱口令的佼佼者。
如下,弱口令不仅限于以下密码:
| 重复次数 | 密码 | 占比 |
|---|---|---|
| 235012 | 123456789 | (5.82013097845522) |
| 212749 | 12345678 | (5.26878221339919) |
| 76346 | 11111111 | (1.89072779126658) |
| 46053 | dearbook | (1.14051406715741) |
| 34952 | 00000000 | (0.865595024760297) |
| 19986 | 123123123 | (0.494958290365624) |
| 17790 | 1234567890 | (0.440573800940881) |
| 15033 | 88888888 | (0.372296006157632) |
| 6995 | 111111111 | (0.173232925102949) |
| 5965 | 147258369 | (0.14772471740373) |
| 5553 | 987654321 | (0.137521434324042) |
| 5459 | aaaaaaaa | (0.135193500805861) |
| 5145 | 1111111111 | (0.127417212245128) |
| 5025 | 66666666 | (0.124445382221918) |
| 4435 | a123456789 | (0.109833884607803) |
| 4096 | 11223344 | (0.101438464792234) |
| 3667 | 1qaz2wsx | (0.0908141724592587) |
| 3649 | xiazhili | (0.0903683979557772) |
| 3610 | 789456123 | (0.0894025531982339) |
| 3501 | password | (0.0867031409271515) |
| 3281 | 87654321 | (0.0812547858845999) |
| 3277 | qqqqqqqq | (0.0811557248838262) |
| 3175 | 000000000 | (0.0786296693640977) |
| 3143 | qwertyuiop | (0.0778371813579084) |
| 3094 | qq123456 | (0.076623684098431) |
| 3080 | iloveyou | (0.0762769705957231) |
| 3061 | 31415926 | (0.0758064308420482) |
| 2985 | 12344321 | (0.0739242718273486) |
| 2885 | 0000000000 | (0.0714477468080069) |
| 2826 | asdfghjkl | (0.0699865970465953) |
| 2796 | 1q2w3e4r | (0.0692436395407928) |
| 2580 | 123456abc | (0.0638943454990148) |
| 2578 | 0123456789 | (0.063844814998628) |
| 2573 | 123654789 | (0.0637209887476609) |
| 2540 | 12121212 | (0.0629037354912782) |
| 2515 | qazwsxedc | (0.0622846042364428) |
| 2396 | abcd1234 | (0.0593375394634262) |
| 2380 | 12341234 | (0.0589412954603315) |
| 2348 | 110110110 | (0.0581488074541422) |
| 2296 | asdasdasd | (0.0568610144440845) |
| 2243 | 22222222 | (0.0555484561838334) |
| 2166 | 123321123 | (0.0536415319189404) |
| 2160 | abc123456 | (0.0534929404177799) |
| 2138 | a12345678 | (0.0529481049135247) |
| 2131 | 123456 | (0.0527747481621708) |
| 2113 | 123456123 | (0.0523289736586893) |
| 2106 | a1234567 | (0.0521556169073354) |
| 2100 | 1234qwer | (0.0520070254061749) |
| 1989 | qwertyui | (0.0492580826347056) |
| 1986 | 123456789a | (0.0491837868841254) |
| 1971 | aa123456 | (0.0488123081312241) |
| 1918 | asdfasdf | (0.047499749870973) |
| 1891 | 99999999 | (0.0468310881157508) |
| 1859 | 123456aa | (0.0460386001095615) |
| 1859 | 999999999 | (0.0460386001095615) |
| 1854 | 123456123456 | (0.0459147738585944) |
| 1699 | 520520520 | (0.0420761600786148) |
| 1656 | 963852741 | (0.0410112543202979) |
| 1652 | 55555555 | (0.0409121933195242) |
| 1652 | 741852963 | (0.0409121933195242) |
| 1589 | 33333333 | (0.039351982557339) |
| 1480 | qwer1234 | (0.0366525702862566) |
| 1384 | asd123456 | (0.0342751062676886) |
| 1339 | 77777777 | (0.0331606700089848) |
| 1316 | qweasdzxc | (0.0325910692545363) |
| 1285 | code8925 | (0.0318233464985403) |
| 1273 | 11112222 | (0.0315261634962193) |
| 1268 | ms0083jxj | (0.0314023372452523) |
| 1245 | zzzzzzzz | (0.0308327364908037) |
| 1214 | 111222333 | (0.0300650137348078) |
| 1206 | qweqweqwe | (0.0298668917332604) |
| 1200 | 3.1415926 | (0.0297183002320999) |
| 1183 | 123456qq | (0.0292972909788118) |
| 1148 | 147852369 | (0.0284305072220423) |
| 1136 | 521521521 | (0.0281333242197213) |
| 1119 | asdf1234 | (0.0277123149664332) |
| 1111 | 123698745 | (0.0275141929648858) |
| 1109 | 1123581321 | (0.027464662464499) |
| 1058 | asdfghjk | (0.0262016347046348) |
| 1054 | q1w2e3r4 | (0.0261025737038611) |
| 1037 | 12345678a | (0.025681564450573) |
| 1003 | woaini1314 | (0.0248395459439969) |
| 991 | 1234abcd | (0.0245423629416759) |
| 988 | 123qweasd | (0.0244680671910956) |
| 975 | 1qazxsw2 | (0.0241461189385812) |
| 967 | woaiwojia | (0.0239479969370339) |
| 920 | 321321321 | (0.0227840301779433) |
| 910 | 05962514787 | (0.0225363776760091) |
| 894 | 123456987 | (0.0221401336729144) |
| 892 | kingcom5 | (0.0220906031725276) |
| 882 | 5845201314 | (0.0218429506705934) |
| 882 | zxcvbnm123 | (0.0218429506705934) |
| 852 | 0987654321 | (0.0210999931647909) |
| 847 | wwwwwwww | (0.0209761669138239) |
| 835 | 11111111111111111111 | (0.0206789839115029) |
| 805 | 12345600 | (0.0199360264057004) |
| 783 | 11235813 | (0.0193911909014452) |
| 777 | 1q2w3e4r5t | (0.0192425994002847) |
| 772 | 10101010 | (0.0191187731493176) |
| 770 | 123456asd | (0.0190692426489308) |
| 765 | lilylily | (0.0189454163979637) |
| 744 | 12345612 | (0.018425346143902) |
| 741 | 5201314520 | (0.0183510503933217) |
| 740 | 1234554321 | (0.0183262851431283) |
| 732 | 12301230 | (0.018128163141581) |
| 729 | woshishui | (0.0180538673910007) |
| 727 | 123456654321 | (0.0180043368906139) |
| 726 | xiaoxiao | (0.0179795716404205) |
| 713 | qwe123456 | (0.017657623387906) |
| 708 | woaini123 | (0.017533797136939) |
| 702 | 111111 | (0.0173852056357785) |
| 693 | 1122334455 | (0.0171623183840377) |
| 685 | 12369874 | (0.0169641963824904) |
| 680 | 12345679 | (0.0168403701315233) |
| 669 | 100200300 | (0.0165679523793957) |
| 657 | ffffffff | (0.0162707693770747) |
| 651 | buzhidao | (0.0161221778759142) |
| 650 | 44444444 | (0.0160974126257208) |
| 649 | woainima | (0.0160726473755274) |
| 642 | z123456789 | (0.0158992906241735) |
| 623 | 1234567a | (0.0154287508704985) |
| 621 | 123456aaa | (0.0153792203701117) |
| 618 | qazwsx123 | (0.0153049246195315) |
| 616 | ssssssss | (0.0152553941191446) |
| 608 | wojiushiwo | (0.0150572721175973) |
| 601 | 25257758 | (0.0148839153662434) |
| 592 | 123321aa | (0.0146610281145026) |
| 589 | 1357924680 | (0.0145867323639224) |
| 585 | aaa123456 | (0.0144876713631487) |
| 578 | 369258147 | (0.0143143146117948) |
| 572 | 321654987 | (0.0141657231106343) |
| 571 | q123456789 | (0.0141409578604409) |
| 570 | qaz123456 | (0.0141161926102475) |
| 567 | 1233211234567 | (0.0140418968596672) |
| 567 | 9876543210 | (0.0140418968596672) |
| 565 | wocaonima | (0.0139923663592804) |
| 562 | 1234567b | (0.0139180706087001) |
| 562 | zhang123 | (0.0139180706087001) |
| 561 | woaini520 | (0.0138933053585067) |
| 559 | csdncsdn | (0.0138437748581199) |
| 559 | google250 | (0.0138437748581199) |
| 556 | yangyang | (0.0137694791075396) |
| 553 | 5845211314 | (0.0136951833569594) |
| 536 | 369369369 | (0.0132741741036713) |
| 535 | 20082008 | (0.0132494088534779) |
| 532 | 135792468 | (0.0131751131028976) |
| 525 | 299792458 | (0.0130017563515437) |
| 521 | dddddddd | (0.0129026953507701) |
| 519 | zxczxczxc | (0.0128531648503832) |
| 504 | computer | (0.012481686097482) |
| 501 | qwerasdf | (0.0124073903469017) |
为什么我们要使用弱口令
还有比方便和便于记忆这个更好的理由吗?
弱口令戳中了哪些痛点?
- 便于记忆
- 便于输入
弱口令就不能使用吗?这倒未必,看使用场景吧。
比如一些安全性较低的网站,而你注册后,可能又不会登记敏感的资料,这就可以使用弱口令。
从而避免网站被入侵后,黑客获取你的密码,社工渗透到你其它敏感的账户。
那么问题来了,应该在怎样的网站使用怎样的密码呢?
这里我说说我个人管理密码的一些策略吧。
密码的使用场景和应用
- 高频次使用,可以记录密码
- 高频次使用,不能记录密码,要手动输入
- 低频次密码,可以记录密码
- 低频次密码,要手动输入
1、 3、 4这种情况,建议还是使用生成的密码,无规律,很大程度可以防止被社工出密码,然后在登录的时候选择记住密码就可以了,现在基本浏览器、app大多都支持记住密码。再配合密码管理工具防止遗忘密码,基本不会与什么问题。
一次麻烦长久受益!
我觉得问题最大这种是高频次使用,但是不能记录密码的。
举个栗子:支付宝等支付密码、keepassx
建议使用比较强壮的密码,可以的话,大小写数字特殊符号混合,长度不小于8位。
这类密码自己可以设计多几套,按场景使用。
密码管理工具
个人是强烈建议使用Keepass的,如果配合TrueCrypt,那就安全性大大增强了。
它有如下优点:
- 跨平台 windows mac linux Android iPhone 均可以使用
- 自动输入密码
- 密码生成
- 密码记录
- 密码分类管理
你还会因为怕输入麻烦和忘记密码而使用弱口令吗?
其它密码生成网站推荐:
参考资料
