Users re-use passwords for multiple services. |
Watumiaji hutumia tena nywila kwa huduma nyingi. |
If an attacker gains access to one server and can gain a list of passwords, he may be able to use this password to attack other services. |
Mshambulizi akipata ufikiaji wa seva moja na anaweza kupata orodha ya manenosiri, anaweza kutumia nenosiri hili kushambulia huduma zingine. |
Therefore, only password hashes may be stored. |
Kwa hivyo, heshi za nenosiri pekee ndizo zinaweza kuhifadhiwa. |
Secure hashing algorithms are easy to use in most languages and ensure the original password cannot be easily recovered and that wrong passwords are not falsely accepted. |
Algorithms salama ya hashing ni rahisi kutumia katika lugha nyingi na hakikisha nenosiri asili haliwezi kupatikana kwa urahisi na kwamba manenosiri yasiyo sahihi hayakubaliwi kwa uwongo. |
Adding salts to the password hashes prevents the use of rainbow tables and significantly slows down brute-force attempts. |
Kuongeza chumvi kwenye heshi za nenosiri huzuia matumizi ya meza za upinde wa mvua na kupunguza kasi ya majaribio ya kutumia nguvu. |
Strengthening slows both off-line brute-force attacks against stolen hashes and on-line brute-force in case the rate limiting fails. |
Kuimarisha kunapunguza mashambulizi ya nguvu ya nje ya mtandao dhidi ya heshi zilizoibwa na nguvu ya kinyama ya mtandaoni endapo kikomo cha kasi kitashindwa. |
However, it increases CPU load on the server and would open a vector for DDoS attacks if not prevented with login attempt limiting. |
Walakini, huongeza upakiaji wa CPU kwenye seva na ingefungua vekta kwa shambulio la DDoS ikiwa haitazuiliwa na kikomo cha jaribio la kuingia. |
A good strengthening can slow down off-line brute-force attacks down by a factor of 10000 or more. |
Uimarishaji mzuri unaweza kupunguza kasi ya mashambulizi ya nguvu ya nje ya mtandao kwa sababu ya 10000 au zaidi. |
Limiting login attempts is necessary to prevent on-line brute-force attacks and DoS via the CPU usage of the password strengthening procedure. |
Kuzuia majaribio ya kuingia ni muhimu ili kuzuia mashambulizi ya kutumia nguvu mtandaoni na DoS kupitia matumizi ya CPU ya utaratibu wa kuimarisha nenosiri. |
Without a limit, an attacker can try a very large number of passwords directly against the server. |
Bila kikomo, mshambulizi anaweza kujaribu idadi kubwa sana ya nywila moja kwa moja dhidi ya seva. |
Assuming 100 attempts per second, which is reasonable for a normal web server, no significant strengthening and an attacker working with multiple threads, this would result in 259,200,000 passwords tried in a single month! |
Kwa kuchukulia majaribio 100 kwa sekunde, ambayo ni sawa kwa seva ya wavuti ya kawaida, hakuna uimarishaji mkubwa na mshambuliaji anayefanya kazi na nyuzi nyingi, hii itasababisha nywila 259,200,000 zilizojaribiwa kwa mwezi mmoja! |
Not enforcing any password policies will lead to too many users choosing “123456”, “qwerty” or “password” as their password, opening the system up for attack. |
Kutotekeleza sera zozote za nenosiri kutasababisha watumiaji wengi kuchagua "123456", "qwerty" au "nenosiri" kama nenosiri lao, na hivyo kufungua mfumo kwa mashambulizi. |
Enforcing too strict password policies will force users to save passwords or write them down, generally annoy them and foster re-using the same password for all services. |
Kutekeleza sera kali za nenosiri kutawalazimu watumiaji kuhifadhi manenosiri au kuyaandika, kwa ujumla huwaudhi na kuhimiza utumiaji wa nenosiri sawa kwa huduma zote. |
Furthermore, users using secure passwords not matching the policies may be forced to use passwords which are harder to remember, but not necessarily secure. |
Zaidi ya hayo, watumiaji wanaotumia manenosiri salama yasiyolingana na sera wanaweza kulazimika kutumia manenosiri ambayo ni magumu kukumbuka, lakini si salama. |
A password consisting of 5 concatenated, randomly (!) chosen lowercase dictionary words is significantly more secure than an eight-character password consisting of mixed case letters, numbers and punctuation. |
Nenosiri linalojumuisha maneno 5 ya kamusi yaliyounganishwa, bila mpangilio (!) yaliyochaguliwa kwa herufi ndogo ni salama zaidi kuliko nenosiri lenye herufi nane linalojumuisha herufi mchanganyiko, nambari na uakifishaji. |
Take this into account if you do not get a password policy to implement, but have to design your own. |
Zingatia hili ikiwa hupati sera ya nenosiri ya kutekeleza, lakini unapaswa kuunda yako mwenyewe. |