正文
密码太多记不住 看管理密码的最佳利器
密码管理器真正有用的地方是让你的密码可以在各种设备上──电脑、手机和平板电脑──得到更新。(我排除了谷歌(Google) Chrome浏览器中内置的密码管理器和苹果(Apple)的iCloud,因为两者都不能更新我所有的设备上的密码。)
Dashlane works largely the same way on Android phones and tablets, automatically entering your passwords in apps, though not yet on the default Chrome browser. (The company says it is working on that.)
Dashlane在安卓系统(Android)的手机和平板上的工作方式大致相同,会自动在应用软件中输入你的密码,不过在默认的Chrome浏览器上还无法运作。(该公司说它正在解决这个问题。)
On iPhones and iPads, the Dashlane app allows you to copy and paste all of your logins and passwords into a browser, but can't fill them in for you because of Apple's programming rules. (The same problem afflicts most password managers except for PasswordBox, which has figured out a way to auto-login on a handful of big sites on mobile Safari.)
在iPhone和iPad上,Dashlane应用允许你将所有的登录名和密码复制、粘贴到浏览器,但碍于苹果公司的编程规则,它不能替你填写这些信息。(同样的问题还困扰着除PasswordBox以外的大多数密码管理器,PasswordBox已经找到一个办法在移动Safari浏览器上自动登录一些大的网站。)
If you share a computer with family members, Dashlane remembers multiple logins without asking you to set up profiles. And the company says it is close to launching a new families-and-teams version that will make it easier to sync passwords between people who share, say, an Amazon or Netflix account.
如果你与家人共用一台电脑,Dashlane不用让你设置配置文件就可以记住多个登录名。该公司说,它即将推出一款家庭-团队版本的新管理器,让那些共用亚马逊(Amazon)或网飞(Netflix)等账户的人之间可以更容易地同步密码。
Behind the scenes, Dashlane takes some important steps to secure your data. It never sends your master password over the Internet, and it protects your personal data using advanced encryption known as AES-256 before syncing it with your other devices via its servers. Neither Dashlane nor a hacker (or government agency) breaking into the company's systems could access your data without knowing your master password. This setup prevented Dashlane from even being vulnerable to the recent Heartbleed security catastrophe.
在幕后,Dashlane采取了几项重要措施保证你的数据安全。它永远不会在互联网上发送你的主密码,在通过其服务器将密码与你的其它设备同步之前,它使用一种名为AES-256的高级加密技术来保护你的个人数据。Dashlane和侵入公司系统的黑客(或者政府机构)如果不知道你的主密码,都无法获取你的数据。这种设置甚至让Dashlane避过了最近的Heartbleed安全漏洞一劫。
But if you really want to keep your stuff off the Internet, Dashlane gives you that option, too, though you'll need to sync passwords manually across devices. (The password manager that does the best offline syncing is 1Password.)
但如果你实在希望你的密码不出现在互联网上,Dashlane也会给你那样的选择,不过你需要在设备之间手动同步密码。(离线同步做得最好的密码管理器是1Password。)
OK, what happens if somebody manages to get your master password? That could happen if someone installs a piece of keylogging malware on your computer -- and is a good reminder that you should run antivirus software to keep such attacks at bay.
好了,要是有人设法获取了你的主密码怎么办呢?假如有人在你的电脑上安装了一款键盘记录恶意软件,这种事情很可能发生──这对你也是一个很好的提醒,你应该运行杀毒软件,将那样的攻击拒之门外。
But even if that happened, there's an additional layer of security: Dashlane won't let someone unlock your passwords on a new device without first entering an ever-changing code it sends directly to your phone or email.
不过,即便发生了那种事,另外还有一层安全保护措施:如果不先输入一个直接发送到你手机或电子邮件的随机验证码,Dashlane是不会让人在一台新设备上给密码解锁的。
This important two-step authentication is only available from Dashlane and LastPass, though PasswordBox says it is working on it. A 1Password spokesman says this additional authentication isn't helpful with its design, where there is no central silo of your data. But I think it helps to know if someone is trying to get into your stuff.
这种两步验证身份的重要手段只有Dashlane和LastPass才提供,而PasswordBox说它正在做这项工作。1Password的一名发言人说,这种附加的身份验证对于1Password的设计来说没有多大用处,1Password里没有你的中央数据库。但我认为假如有人试图进入你的地盘时,这种验证可以帮你了解状况。
Still, why should you trust Dashlane, a two-year-old startup with two million customers?
那么,你为何应该信任Dashlane这家有两年历史、两百万客户的初创企业呢?
Because selling security is the only way Dashlane makes money. And if you decide it is not worth $30 a year, Dashlane lets you export your password database in forms that can be read by you or another password manager.
因为Dashlane赚钱的唯一途径是卖安全。如果你认为一年30美元的费用有所不值,Dashlane允许以你或别的密码管理器可以读取的方式输出你的密码数据库。
You could even use the old-fashioned technique, and print out the database on paper. As crazy as that sounds, it's still safer than using the same password over and over again.
你甚至可以用老式的手段把数据库打印在纸上。虽然那听起来有点疯狂,但它还是比一遍又一遍地使用相同的密码更加安全。