Take some work off your plate while beefing up security with three changes you can make today.
Unstable times are insecure times, and we’ve already got enough going on to deal with. When humans are busy and under stress, we tend to get lax in less-obviously-pressing areas, like the security of our online accounts.
These areas only become an obvious problem when it’s too late for prevention. Thankfully, most of the work necessary to keep up our cybersecurity measures can be outsourced.
Implementing proper cybersecurity measures can be fiddly, and I especially dislike fiddling with things that I could avoid fiddling with.
These fiddly things include resetting forgotten passwords, transferring multifactor authentication (MFA) codes when I change devices, and dealing with the fallout of compromised payment details in the event one of my accounts is still breached.
Here are three changes I’ve made that significantly reduce the chances of needing to fiddle with any of these things again. You can too.
1Password
I’ve historically avoided password managers because of an irrational knee-jerk reaction to putting all my eggs in one basket.
You know what’s great for irrational reactions? Education. To figure out if putting all my passwords into a password manager is more secure than not using one, I set out to see what some smart people wrote about it.
First, we need to know a thing or two about passwords. Troy Hunt figured out almost a decade ago that trying to remember strong passwords doesn’t work. In more recent times, Alex Weinert expanded on this in Your Pa$$word doesn’t matter.
TL;DR: our brains aren’t better at passwords than computers, and please use MFA.
So passwords don’t matter, but complicated passwords are still better than memorable and guessable ones.
Since I’ve next to no hope of remembering a dozen variations of p/q2-q4! (I’m not a chess player), this is a task I can outsource to 1Password. I’ll still need to remember one, long, complicated master password - 1Password uses this to encrypt my data, so I really can’t lose it - but I can handle just one.
Using 1Password specifically has another, decidedly obvious, advantage. I chose 1Password because of their Watchtower feature. Thanks to Troy Hunt’s Have I Been Pwned, Watchtower will alert you if any of your passwords show up in a breach so you can change them. Passwords still don’t completely work, but this is probably the best band-aid there is.
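How a breach check like this can work without the password ever leaving your device, as an added example (not code from the original post or from 1Password): it follows the hash-prefix range lookup that Have I Been Pwned's Pwned Passwords service exposes, and assumes Watchtower-style checks work the same way. `range_lookup` and the sample corpus are constructed stand-ins for the real service.

```python
import hashlib

# Constructed sample corpus standing in for a breach database:
# password -> number of times it was seen in breaches (made-up counts).
CONSTRUCTED_BREACH_CORPUS = {"password": 9000, "p/q2-q4!": 12, "letmein": 450}


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1, used here only as a lookup key, not for storage."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def range_lookup(prefix: str) -> str:
    """Hypothetical stand-in for the service side: given a 5-character hash
    prefix, return every known hash suffix in that bucket as SUFFIX:COUNT lines."""
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly 5 hex characters")
    lines = []
    for pw, count in CONSTRUCTED_BREACH_CORPUS.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix.upper()):
            lines.append(f"{digest[5:]}:{count}")
    return "\n".join(lines)


def breach_count(password: str, lookup=range_lookup) -> int:
    """Client side: only the first 5 hex characters of the hash are sent;
    matching against the returned suffixes happens locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in lookup(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0  # not in the corpus: no known breach exposure


if __name__ == "__main__":
    for pw in ("password", "p/q2-q4!", "a long generated passphrase 7391"):
        print(f"{pw!r}: seen {breach_count(pw)} times")
```

The service only ever learns a 5-character prefix shared by many unrelated hashes, so it cannot tell which password was checked.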
One last bonus is that using a password manager is a heck of a lot more convenient. Complicated passwords need not take two tries to type.
When it comes to sites that I only rarely use, and don’t consider important, I’m typically far more likely to end up (re)setting those passwords to something memorable, and thus something easily hacked. Even - perhaps especially - unimportant sites can open doors to your more important ones.
Using 1Password and generated passwords, those sites are now also first-class citizens in the land of strong passwords, instead of being half-abandoned and half-open attack vectors.
So, yes, all my eggs are in one basket. A well-protected, complex, and monitored basket, as opposed to being scattered about in several of those paper cartons from the grocery store that don’t really close and certainly can’t survive a rather gentle bump as you come in the doorway, Victoria, how many times do I need to remind you to be careful.
Authy
Okay - so it’s more like one-and-a-half baskets. 🤷🏻
Authy, from the folks over at Twilio, provides a 2FA solution that’s more secure than SMS (I find this to be an interesting intersection, coming from Twilio, and I applaud.) Unlike Google Authenticator, you can choose to back up your 2FA codes in case you lose or change your phone. (1Password offers 2FA functionality as well - but, you know, redundancies.)
With Authy, your backup is encrypted with your password, similarly to how 1Password works. This makes it the second password you can’t forget, if you don’t want to lose access to your codes. If you reset your account, they all go away. I can deal with remembering two passwords; I’ll take that trade.
I’ve tried other methods of MFA, including hardware keys, which can make accessing accounts on your phone more complicated than I care to put up with. I find the combination of 1Password and Authy to be the most practical combination of convenience and security that yet exists in my knowledge.
Privacy.com
Finally, there’s one last line of defense you can put in place in the unfortunate event that one of your accounts is still compromised. All the strong passwords and MFA in the world won’t help if you open the doors yourself, and scams and phishing are a thing.
Since it’s rather impractical to use a different real credit card every place you shop, virtual cards are just a great idea. There’s no good reason to spend an afternoon (or more) resetting your payment information on every account just to thwart a misbehaving merchant or patch up a data breach from that online shop for cute salt shakers you made a purchase at last year (just me?).
By setting up a separate virtual card for each merchant, in the event that one of those merchants is compromised, I can simply pause or delete that card. None of my other accounts or actual bank details are caught up in the process. Cards can have time-oriented limits or be one-off burner numbers, making them ideal for setting up subscriptions.
This is the sort of basic functionality that I hope, one day, becomes more prevalent from banks and credit cards. In the meantime, I’ll keep using Privacy.com. That’s my referral link; if you’d like to thank me by using it, we’ll both get five bucks as a bonus.
Outsource better security
All together, implementing these changes will probably take up an afternoon, depending on how many accounts you have. It’s worth it for the time you’d otherwise spend resetting passwords, setting up new devices, or (knock on wood) recovering from compromised banking details.
Best of all, you’ll have continual protection just running in the background - an effortless boost to your personal cybersecurity posture.
We have the technology. Free up some brain cycles to focus on other things - or simply remove some unnecessary stress from your life by outsourcing the fiddly bits.
Translated from: https://www.freecodecamp.org/news/outsourcing-security-with-1password-authy-and-privacy-com/