qq密码终结者

tech2023-05-18  98

qq密码终结者

About 6 years ago I wrote a piece on the concept of 'browser fingerprinting'. This was a way of identifying a returning visitor by recognizing their browser and OS – EVEN if they were blocking all cookies.

大约6年前,我写了一篇有关“ 浏览器指纹 ”概念的文章。 这是通过识别访问者的浏览器和操作系统(甚至阻止了所有cookie来识别访问者的一种方法)。

At first glance, this sounded unlikely. After all, how many millions of people are using Chrome on OSX?

乍一看,这听起来不太可能。 毕竟,有数百万人在OSX上使用Chrome?

But think about it:

但是考虑一下:

How many are using exactly your version of Chrome?

到底有多少人使用的是您的Chrome版本?

on the same OS version?

在同一OS版本上?

with precisely your plugins?

与您的插件?

and sharing your timezone?

并分享您的时区?

and using your screen resolution?

并使用您的屏幕分辨率?

with precisely your list of available fonts?

精确列出您的可用字体?

The field narrows quickly.

领域Swift缩小。

As with traditional fingerprint matching, small parts of any given fingerprint may well match thousands of other fingerprints. But none of them match all parts of another fingerprint exactly. That's what makes fingerprints so useful.

与传统的指纹匹配一样,任何给定指纹的一小部分都可能与数千个其他指纹匹配。 但是它们都不能 完全匹配另一个指纹的所有部分。 这就是使指纹如此有用的原因。

It turned out our web browsers weren't that different to our thumbs. The closer you look at them, the more different they appear. It's an idea that is almost as cool as it is creepy.

事实证明,我们的网络浏览器与我们的拇指并没有什么不同。 您越仔细地看它们,它们就会显得越不同。 这个想法几乎和令人毛骨悚然一样酷。

In fact, AmIUnique.org still demonstrates how it works in practice.

实际上, AmIUnique.org仍在演示其工作原理 。

算盘项目:提高爬行能力? (Project Abacus: Cranking the Creepiness?)

Now Google wants to apply a similar idea to your body to kill the password. It turns out that, like browsers, we have all accumulated our own ticks, personal habits, and patterns that make us measurably different from each other. These include:

现在,Google希望对您的身体采用类似的想法以杀死密码。 事实证明,就像浏览器一样,我们都积累了自己的壁虱,个人习惯和模式,这使我们彼此之间有明显的不同。 这些包括:

the pattern of our typing

我们打字的方式 the rhythm of our walk

我们走路的节奏 where we’re located

我们所在的位置 the way our face works

我们脸部工作的方式 the tone of our conversations

我们谈话的语气

Looking at these as a whole can apparently generate a 'unique ID' for any user.

从整体上看,这些显然可以为任何用户生成一个“唯一ID”。

Regina Dugan at I/O

Regina Dugan在I / O上

In fact, last year, Regina Dugan gave a great (6min) explanation on Project Abacus at Google I/O.

实际上,去年, 里贾纳·杜甘(Regina Dugan)在Google I / O 上对Project Abacus进行了精彩的解释(6分钟) 。

As a concept, it certainly has some cool advantages.

作为一个概念,它当然具有一些很酷的优点。

As is the case with traditional passwords and signatures, none of these individual characteristics are beyond copying.

与传统的密码和签名一样,这些单独的特征均不可复制。

But unlike reproducing a signature – the current system you used to authorize your passport, license, and credit cards – it's harder to know exactly what you're copying in Abacus.

但是,与复制签名(您用来授权护照,许可证和信用卡的当前系统)不同的是,要确切地知道要在Abacus中复制的内容更加困难。

For example, with 10-minutes practice you might be able to mimic your best friend's signature, but could you accurately mimic their walk? Or their swipes? As well as their vocal tone? All at the same time?

例如,经过10分钟的练习,您也许可以模仿您最好的朋友的签名,但是您可以准确地模仿他们的走路吗? 还是他们的滑动? 以及他们的声调? 都在同一时间?

持续认证 (Constant Authentication)

Trust Score in action

信任分数行动

The other great aspect of Abacus is that, unlike all current systems, Abacus is constantly authenticating you and keeping a ‘trust score’.

Abacus的另一个重要方面是,与所有当前系统不同,Abacus不断地对您进行身份验证并保持“信任度”。

So, in theory, if someone grabbed your phone in the street, it wouldn’t matter if you were logged into email, social media or even bank accounts. The device would quickly recognize the current user wasn’t you and log out all accounts.

因此,从理论上讲,如果有人在街上抢了您的电话,则无论您是否登录到电子邮件,社交媒体甚至银行帐户都没关系。 设备将Swift识别出当前用户不是您,然后注销所有帐户。

That’s an impressive use case.

这是一个令人印象深刻的用例。

另一方面.. (On the other hand..)

Bodies change. We bang our knee and limp. Our voice gets croaky with flu. We cut our hair, we shave our beards, we get collagen injections and new glasses. Sometimes all on the same day!

机构发生变化。 我们猛地knee膝。 我们的声音因流感而嘶哑。 我们剪头发,剃胡须,注射胶原蛋白和戴上新眼镜。 有时都在同一天!

Getting locked out of all your accounts the day you had a serious bike accident would be hard to forgive and forget.

在发生严重自行车事故的那天将所有账户拒之门外,这是很难原谅和忘记的。

Of course, this problem is simply a technical/UX challenge. It’s probably possible to build a system that gets this right 99.9% of the time. Signatures have never been 100% foolproof either.

当然,这个问题仅仅是技术/ UX挑战。 可能有可能构建一个能够在99.9%的时间内获得正确的系统。 签名也从未做到万无一失。

And we know Google are very good at building systems. I’d back them to get that right eventually.

我们知道Google非常擅长构建系统。 我支持他们最终做到这一点。

隐私中的最后一根稻草? (The Final Straw in Privacy?)

Let’s face it: We’re all lazy. We’re all looking for easy ways out. The prospect of grabbing your friend’s phone and instantly opening your email on it without needing a single password is very seductive, right?

面对现实:我们都很懒。 我们都在寻找简单的出路。 抓住朋友电话并立即在其上打开电子邮件而不需要输入单个密码的前景非常诱人,对吗?

But we also need to realize we’re letting go of the steering wheel.

但是我们还需要意识到我们正在放开方向盘。

No longer are WE identifying ourselves to the phone. The phone is proactively identifying us – whether we like it or not. Who’s the boss in this scenario?

我们不再在电话中识别自己的身份。 电话会主动识别我们–是否喜欢。 在这种情况下谁是老板?

Somewhere there will be a database that can pick us out of a crowd just because we walk funny. It might just be me, but that has more than a hint of 'Minority Report'.

某个地方会有一个数据库,可以将我们从人群中挑出来,仅仅是因为我们走得很有趣。 可能只有我一个人,但这不仅仅是“ 少数派报告”的暗示。

Some interesting decisions ahead.

未来一些有趣的决定。

P.S. If I told you Regina joined Google as the previous director of DARPA, would you feel better or worse?

PS:如果我告诉过您,里贾纳(Regina)作为DARPA的前董事加入Google,您会感到好还是坏?

Originally published in the SitePoint Design Newsletter.

最初发布在SitePoint设计新闻中 。

翻译自: https://www.sitepoint.com/end-passwords-privacy-call/

qq密码终结者

最新回复(0)