r245fa物性_2FA应该是强制性的吗？

r245fa物性

With most people spending the foreseeable future working from home, I figured that it would be a good time to discuss password security. With the increasing amount of breaches every year, a strong password isn’t enough to stop you from getting hacked, even if it is salted and hashed. This is where two-factor authentication (2FA) steps in to help improve your security. As I have discussed in a previous article, enabling 2FA on all websites and applications that offer it is a quick way to make yourself more secure.

在大多数人度过可预见的未来在家工作的时候，我认为现在是讨论密码安全性的好时机。每年随着违规行为的增加，强密码即使阻止了攻击和散列，也不足以阻止您被黑客入侵。这是两因素身份验证(2FA)介入的地方，可帮助您提高安全性。正如我在上一篇文章中讨论的那样，在所有提供此功能的网站和应用程序上启用2FA是使自己更加安全的快速方法。

什么是2FA？ (What is 2FA?)

2FA is a subset of multi-factor authentication (MFA). MFA is an authentication method that requires you to present 2 or more pieces of evidence that you are who you say you are. 2FA is less strict than MFA since it only requires 2 pieces of evidence, also known as factors.

2FA是多因素身份验证 (MFA)的子集。 MFA是一种身份验证方法，要求您提供2个或更多证据，证明您是自己的真实身份。 2FA的要求不如MFA严格，因为2FA仅需要2条证据(也称为因素)。

有哪些因素？ (What are the factors?)

Depending on who you ask, there are anywhere from 3–5 different authentication factors that may be used by 2FA systems. However, most systems use the following 3 factors:

2FA系统可能会使用3–5种不同的身份验证因素，具体取决于您询问的人。但是，大多数系统使用以下三个因素：

Something you know: This is something that is only known to you. Some examples include a password or a bank PIN

您知道的东西：这是您唯一知道的东西。一些示例包括密码或银行PIN
Something you have: This is something that only you should have. Some examples include a bank card, a key card, or an RSA SecurID key

您拥有的东西：这是只有您应该拥有的东西。一些示例包括银行卡，钥匙卡或RSA SecurID密钥
Something you are: This is something that only you are. An example of this is a fingerprint.

你是什么：这是只有你的东西。指纹就是一个例子。

Using these 3 factors, you can create a secure 2FA system. The most common example of 2FA involves using a bank ATM. To use a bank ATM, you must insert your bank card (something that you have) and enter a bank PIN (something that you know).

使用这三个因素，您可以创建一个安全的2FA系统。 2FA的最常见示例涉及使用银行ATM。要使用银行ATM，您必须插入银行卡(您拥有的东西)并输入银行PIN(您知道的东西)。

The other 2 factors that some systems use are:

某些系统使用的其他两个因素是：

Location: This limits the locations that you can log in to a service from or uses your current location to track where you are logging in from to detect suspicious activity (such as logging in from two different locations at once)

位置：这限制了您可以从中登录服务的位置或使用当前位置来跟踪您要从中登录的位置以检测可疑活动(例如一次从两个不同的位置登录)
Time: This restricts logins to a specific time interval

时间：这将登录限制为特定时间间隔

我们为什么要使用它？ (Why should we use it?)

By enabling 2FA, you are adding another layer of security between your data and an attacker. It’s similar to a home security system. Everyone has locks on their doors, but some people go the extra mile and add home security systems, cameras, and other devices to increase their security and feel safer in their own homes. In this case, the lock on your front door is your password, and everything else, while not required, makes your home more secure if someone tries to break in.

通过启用2FA，您在数据和攻击者之间增加了另一层安全保护。它类似于家庭安全系统。每个人的门上都有锁，但有些人则加倍努力，增加了家庭安全系统，摄像头和其他设备，以提高安全性，并在自己的家中感到更安全。在这种情况下，您前门上的锁就是您的密码，如果有人试图闯入，则不需要做的其他所有事情都会使您的房屋更安全。

The trick lies in balancing security and convenience. You wouldn’t use a home security system that required you to remember a 32 digit code, perform a retina scan, and restricted your ability to leave the house after 10 PM. These features, while being extremely secure, are too invasive to be used by a regular homeowner. A convenient amount of security is provided simply by using a 4 digit code that you must enter on a keypad when you leave your house. Similarly, 2FA should be easy and seamlessly integrated into the application otherwise users won’t use it.

诀窍在于平衡安全性和便利性。您不会使用需要记住32位代码，执行视网膜扫描以及限制晚上10点后离开房屋的家庭安全系统。这些功能虽然非常安全，但具有侵入性，无法被普通房主使用。只需使用离开家时必须在键盘上输入的4位数字代码，即可提供方便的安全保护。同样，2FA应该容易且无缝地集成到应用程序中，否则用户将不会使用它。

如何实施？ (How is it implemented?)

Today, many of the most common applications and websites offer 2FA such as Google, Facebook, Twitter, Steam, and Amazon. There are 4 main ways of implementing 2FA that affect how a user logs in to an application:

如今，许多最常见的应用程序和网站都提供2FA，例如Google ， Facebook ， Twitter ， Steam和Amazon 。有两种主要的实现2FA的方式会影响用户登录应用程序的方式：

SMS Message: Upon entering their username and password, a text message is sent to the user with a code that must be entered to log in to the application.

SMS消息 ：输入用户名和密码后，会向用户发送一条短信，其中包含必须输入的代码才能登录到应用程序。
Email: Upon entering their username and password, an email is sent to the users' email address and may either contain a code that must be entered or a link to the website.

电子邮件 ：输入用户名和密码后，电子邮件将发送到用户的电子邮件地址，并且可能包含必须输入的代码或网站的链接。
Security Keys: Upon entering their username and password, the user will be prompted to enter a code displayed on a physical key device that they carry with them. The most common example of this is the RSA SecurID token.

安全密钥 ：输入用户名和密码后，将提示用户输入显示在其附带的物理密钥设备上的密码。最常见的示例是RSA SecurID令牌。
Authentication App: Upon entering their username and password, a push notification is sent from an app on the users' phone that contains a time-sensitive code that they can use to log in to the application. The Steam authenticator is shown below.

身份验证应用程序 ：输入用户名和密码后，就会从用户手机上的应用程序发送推送通知，其中包含对时间敏感的代码，用户可以使用该代码登录应用程序。 Steam验证器如下所示。

Example code from the Steam Guard Authenticator. This code expires every 15 seconds.

如何妥协？ (How can it be compromised?)

2FA is not perfect, it can still be breached by attackers. Below are 4 ways that an attacker can compromise a 2FA account. Some of these methods depend on weaknesses in the implementation of 2FA on the applications side, while others can be executed on fully secured systems through social engineering.

2FA并非十全十美，仍然可以被攻击者破坏。攻击者可以通过以下4种方式来破坏2FA帐户。这些方法中的一些方法依赖于应用程序端2FA实施中的弱点，而其他方法则可以通过社交工程在完全安全的系统上执行。

Phishing: If a victim is lured to a fake login page, the attacker can take the credentials (username/password) entered by the victim and forward them to the real login page. The real login page will then ask the attacker for a 2FA code that is sent to the victim. The attacker then prompts the victim for the 2FA code that they received on their phone, which they then forward to the real login page. It should be noted that this attack is even easier without 2FA enabled, as it would only require the attacker to prompt the victim for their username and password.

网络钓鱼：如果诱使受害者进入虚假的登录页面，则攻击者可以获取受害者输入的凭据(用户名/密码)并将其转发到真实的登录页面。然后，真实的登录页面将向攻击者询问发送给受害者的2FA代码。然后，攻击者会提示受害者输入他们在手机上收到的2FA代码，然后将其转发到真实的登录页面。应当指出的是，如果没有启用2FA，此攻击将更加容易，因为它仅要求攻击者提示受害者输入用户名和密码。

An Example Phishing attack on a 2FA banking login page. Here Bob provides his credentials and 2FA code to a fake login page that then forwards the information to the real bank and is then able to log in to Bob's bank account.

Password Reset: On many applications, 2FA can be bypassed by using the “Forgot your password” function. Your email address must already be compromised for this attack to work.

密码重置：在许多应用程序中，可以使用“忘记密码”功能来绕过2FA。您的电子邮件地址必须已经被破坏，此攻击才能起作用。
Brute Force: An attacker may be able to attempt all of the combinations of letters and numbers that make up the 2FA code. There is not much that you as a user can do to prevent this. A good 2FA implementation will restrict the number of attempts at guessing the 2FA code and will also make the 2FA code work for a short period (for example 20 seconds after entering your username and password).

蛮力攻击：攻击者可能会尝试组成2FA代码的字母和数字的所有组合。作为用户，您可以做很多事情来防止这种情况。良好的2FA实施将限制尝试猜测2FA代码的次数，并使2FA代码在短时间内(例如，输入用户名和密码后20秒)工作。
Third-Party Login: If you use “Login with Facebook” to skip creating an account for certain websites, you are putting yourself more at risk if your Facebook account gets compromised.

第三方登录 ：如果您使用“使用Facebook登录”来跳过为某些网站创建帐户的权限，那么如果您的Facebook帐户遭到入侵，您将面临更大的风险。

应该是强制性的吗？ (Should it be mandatory?)

Now that we understand what 2FA is, how it’s implemented and some possible ways around it from an attacker's perspective, it’s time to answer the question. In my opinion, 2FA should be mandatory for all consumer applications and any internal applications that deal with important or sensitive data. Offering 2FA makes applications more secure while not sacrificing many conveniences on the users' end. There are many ways to implement 2FA and companies can choose the one that works for them the best.

既然我们已经了解了2FA，它是如何实现的以及从攻击者的角度来解决它的一些可能方法，现在该回答这个问题了。我认为，对于所有消费者应用程序和处理重要或敏感数据的任何内部应用程序，2FA应该是强制性的。提供2FA可以使应用程序更安全，同时又不牺牲用户端的许多便利。实施2FA的方法有很多，公司可以选择最适合他们的方法。

However, it’s important to note that making 2FA mandatory will not solve all of our security problems. Adding 2FA does add another system that can potentially fail, leading to system downtime or customer complaints. As has been shown above, there are still many ways to get around 2FA as an attacker. Many of these attacks have nothing to do with faults in the implementation of 2FA and instead target the users of it.

但是，需要注意的是，强制2FA并不能解决我们所有的安全问题。添加2FA确实会添加另一个可能发生故障的系统，从而导致系统停机或客户投诉。如上所示，仍然有很多方法可以绕过2FA作为攻击者。这些攻击中有许多与2FA实施中的错误无关，而是针对2FA的用户。

As always, there is no silver bullet to security. You are never 100% secure and your data is never 100% safe. Any additional protections that you put in place are there to decrease the probability that you will get hacked and to reduce the damage caused by getting hacked.

与往常一样，没有安全的灵丹妙药。您永远不会100％安全，数据也永远不会100％安全。您采取的任何其他保护措施都可以降低被黑客入侵的可能性，并减少因被黑客入侵而造成的损失。

翻译自: https://medium.com/swlh/should-2fa-be-mandatory-b479b22ca685

r245fa物性

查看全文

http://www.taodudu.cc/news/show-4866535.html

惠州菜鸟机器人_菜鸟智能配送机器人小G上岗一次能装10多个包裹
智能配送应用的简单介绍
无人配送“战斗员”新星，PIX助力创新企业逆讯发布智能物流机器人
配送中心的自动化与智能化(zt)
智能服务机器人简介
rosslam智能小车
迎接现代物流新阶段计算物流智能配送
仓储+调度，YOGO智能配送站能否改变外卖配送格局？...
开启终端无人化系统配送新格局 YOGO Robot发布Station机器人智能配送站
仓储+调度，YOGO智能配送站能否改变外卖配送格局？
第七届全国大学生工程训练综合能力竞赛（工训赛）智能配送无人机赛项省赛心得
解析美团外卖智能配送的AI技术原理（附PPT）
智能配送系统的运筹优化实战
无人智能配送机器人现状
Android终端Qos
判断是ios终端还是安卓终端
移动端 --- 区分苹果终端和安卓终端
获取android终端型号,Android 获取信息终端
Android终端启用adb功能
Android终端Termux安装Scrapy
Android 终端推流-采集
Android 终端性能测试
android linux终端,为Android安装Linux终端仿真与环境APP
android 终端运行 vim / vi 命令执行失败 busybox解决之
在 Android 中执行 Linux 终端命令
安卓终端使用gcc
Android终端测试-常用的ADB命令
Android超级终端之Termux(1)
地图切图工具：批量标注功能需要安装Firebird数据库
天地图标注获取与修改并保存信息