Users re-use passwords across multiple services.
If an attacker compromises one server and obtains its list of passwords, they can use those passwords to attack the same users' accounts on other services.
Therefore, only password hashes may be stored, never the passwords themselves.
Secure password hashing functions (for example bcrypt, scrypt, Argon2 or PBKDF2) are easy to use in most languages; they ensure that the original password cannot easily be recovered from the hash and that a wrong password is never accepted.
Adding a random salt to each password hash defeats rainbow tables (precomputed hash lists) and forces an attacker to attack every stolen hash separately instead of all of them at once. The salt does not need to be secret and is stored next to the hash.
Strengthening (key stretching: running the hash function many times, or using a deliberately slow, memory-hard function) slows both off-line brute-force attacks against stolen hashes and on-line brute-force attacks in case rate limiting fails.
However, it increases CPU load on the server and opens a vector for denial-of-service attacks unless login attempts are limited.
Good strengthening can slow down off-line brute-force attacks by a factor of 10,000 or more.
Limiting login attempts is necessary to prevent on-line brute-force attacks and denial of service through the CPU cost of the password strengthening procedure.
Without a limit, an attacker can try a very large number of passwords directly against the server.
Assuming 100 attempts per second (reasonable for a normal web server without significant strengthening and an attacker working with multiple threads), this amounts to 100 × 60 × 60 × 24 × 30 = 259,200,000 passwords tried in a single month!
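The following is an added example (not code from the original page) of a login attempt limiter that is consulted before the expensive hash is computed, so that a locked-out client costs the server only a dictionary lookup. The limits (5 failures per 15 minutes, 15-minute lockout), the per-user plus per-IP keying, and the `attempt_login` glue with its `lookup_record` and `verify` callables are assumptions for this example; the two budget helpers reproduce the month-long arithmetic of the text with and without a limit.

```python
import time
from collections import defaultdict, deque


class LoginRateLimiter:
    """Counts failed logins in a sliding window, per username and per
    client IP, and locks a key out once it reaches the limit.

    The clock is injectable so the behaviour can be tested without
    sleeping; in production leave the default."""

    def __init__(self, max_failures=5, window_seconds=15 * 60,
                 lockout_seconds=15 * 60, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window_seconds
        self.lockout = lockout_seconds
        self.clock = clock
        self._failures = defaultdict(deque)   # key -> failure timestamps
        self._locked_until = {}               # key -> time the lock expires

    @staticmethod
    def _keys(username, ip):
        # Tracking both stops one IP spraying many accounts *and* many IPs
        # (a botnet) hammering one account.
        return (("user", username.lower()), ("ip", ip))

    def is_allowed(self, username, ip):
        now = self.clock()
        for key in self._keys(username, ip):
            until = self._locked_until.get(key)
            if until is None:
                continue
            if now < until:
                return False
            del self._locked_until[key]        # lock expired
        return True

    def record_failure(self, username, ip):
        now = self.clock()
        for key in self._keys(username, ip):
            q = self._failures[key]
            while q and now - q[0] > self.window:   # forget old failures
                q.popleft()
            q.append(now)
            if len(q) >= self.max_failures:
                self._locked_until[key] = now + self.lockout
                q.clear()

    def record_success(self, username, ip):
        for key in self._keys(username, ip):
            self._failures.pop(key, None)


def attempt_login(limiter, username, ip, password, lookup_record, verify):
    """Order matters: the limiter runs first, so a locked-out client never
    reaches the slow `verify(password, record)` call. `lookup_record` returns
    the stored hash record or None. Unknown usernames count as failures too,
    so the limiter cannot be used to probe which accounts exist."""
    if not limiter.is_allowed(username, ip):
        return "rate_limited"
    record = lookup_record(username)
    if record is not None and verify(password, record):
        limiter.record_success(username, ip)
        return "ok"
    limiter.record_failure(username, ip)
    return "bad_credentials"


def guesses_per_month(attempts_per_second, days=30):
    """Unlimited on-line budget, as in the text: 100/s gives 259,200,000
    guesses in a 30-day month."""
    return int(attempts_per_second * 60 * 60 * 24 * days)


def guesses_per_month_limited(max_failures, window_seconds, days=30):
    """Budget against one account under the limiter (lockout assumed equal
    to the window): at most `max_failures` guesses per window."""
    return max_failures * (60 * 60 * 24 * days) // window_seconds
```

With the defaults above an attacker gets 5 × 2,880 = 14,400 guesses per account per month instead of 259,200,000, and every rejected attempt costs no hashing at all. An in-memory limiter only protects a single process; behind a load balancer the counters belong in a shared store such as Redis.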
Not enforcing any password policy leads to too many users choosing "123456", "qwerty" or "password", opening the system up to attack.
Enforcing a policy that is too strict forces users to save passwords or write them down, generally annoys them, and encourages re-using the same password for all services.
Furthermore, users whose secure passwords do not match the policy may be forced to use passwords that are harder to remember but not necessarily more secure.
A password consisting of 5 concatenated, randomly (!) chosen lowercase dictionary words is significantly more secure than an eight-character password of mixed-case letters, numbers and punctuation: with a 7,776-word list, 5 random words give about 64.6 bits of entropy, while 8 characters drawn from the 95 printable ASCII characters give about 52.6 bits. This only holds if the words are chosen by a random source, not by the user.
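The following is an added example (not code from the original page) that puts numbers on the comparison above and sketches a policy in the spirit of the text: a length floor and a blocklist of common passwords instead of character-class rules. The 12-word sample word list, the small blocklist, the minimum length of 12 and the function names are assumptions for this example; the 7,776-word figure is the size of a standard diceware list.

```python
import math
import secrets

# Constructed excerpt of a diceware-style word list; a real list has 7,776
# entries, which is the figure used in the entropy comparison below.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "river", "pencil",
                "window", "garden", "copper", "violin", "anchor", "meadow"]
DICEWARE_WORDS = 7776
PRINTABLE_ASCII = 95     # letters, digits and punctuation a user can type

# Constructed excerpt of a blocklist; in production use a list of tens of
# thousands of leaked passwords (or a k-anonymity breach lookup service).
COMMON_PASSWORDS = {"123456", "qwerty", "password", "12345678", "111111",
                    "letmein", "iloveyou", "password1"}


def entropy_bits(choices_per_symbol: int, symbols: int) -> float:
    """Bits of entropy of a password made of `symbols` independent,
    uniformly random picks from `choices_per_symbol` possibilities."""
    return symbols * math.log2(choices_per_symbol)


def compare_schemes() -> dict:
    """The comparison made in the text: 5 random words vs 8 random mixed
    characters. Both figures assume the attacker knows the scheme; the
    words gain nothing from being 'secret' and lose everything if the user
    picks them instead of a random source."""
    return {
        "5 random words (7776-word list)": round(entropy_bits(DICEWARE_WORDS, 5), 1),
        "8 random printable ASCII chars": round(entropy_bits(PRINTABLE_ASCII, 8), 1),
    }


def generate_passphrase(n_words: int, words=SAMPLE_WORDS, sep: str = " ") -> str:
    """Pick words with `secrets`, never `random`, whose output is predictable."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def check_policy(password: str, min_length: int = 12) -> list:
    """Length floor plus blocklist, no composition rules: 'correct horse
    battery staple' passes, 'Password1!' does not. Returns the list of
    problems found (empty list means accept)."""
    problems = []
    normalized = password.strip().lower()
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    # Strip trailing digits/'!' so trivial variants like 'password1!' are caught.
    if normalized in COMMON_PASSWORDS or normalized.rstrip("0123456789!") in COMMON_PASSWORDS:
        problems.append("is (a trivial variant of) a commonly used password")
    if len(set(normalized)) < 5:
        problems.append("uses fewer than 5 distinct characters")
    return problems


if __name__ == "__main__":
    print(compare_schemes())
    print(generate_passphrase(5))
    for candidate in ("123456", "Password1!", "correct horse battery staple"):
        print(repr(candidate), check_policy(candidate) or "accepted")
```

The entropy figures are the whole argument: 5 words from 7,776 is 7776^5 ≈ 2.8 × 10^19 possibilities, 8 printable characters is 95^8 ≈ 6.6 × 10^15, so the passphrase is roughly 4,000 times harder to brute-force and far easier to remember.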
Take this into account if you are not given a password policy to implement but have to design your own.