mongodb启用身份验证
by Nitin Sharma
由Nitin Sharma
启用两因素身份验证之前应了解的事项 (Things You Should Know Before Enabling Two-Factor Authentication)With Cybersecurity becoming a big concern, two-factor authentication (2FA) is a topic that is becoming hotter with each passing day.
随着网络安全成为一个大问题,两因素身份验证(2FA)是一个日新月异的话题。
After all, who doesn’t want to keep their private data safe? Two-factor authentication may not be a bulletproof solution but is one of the easiest and best ways to shore up your virtual security.
毕竟,谁不想保护自己的私人数据安全? 两因素身份验证可能不是防弹解决方案,而是支持虚拟安全性的最简单,最佳方法之一。
Treat 2-factor authentication as a supplement to strong passwords, not as a replacement.
将2要素身份验证视为强密码的补充,而不是替代。
Two-factor authentication adds another security layer to the login process, reducing the chances of your account getting hacked. Just knowing and entering your password is not enough since there is a second layer which is usually time sensitive. This makes the process a whole lot more secure.
两因素身份验证在登录过程中增加了另一个安全层,从而减少了帐户被黑客入侵的可能性。 仅知道和输入密码是不够的,因为通常有第二层对时间敏感。 这使整个过程更加安全。
Here are some facts you would want to know before you enable two-factor authentication:
在启用两因素身份验证之前,您需要了解以下事实:
使用2FA可以避免五分之四的数据泄露 (Four out of five data breaches could be avoided by using 2FA)Cyber threats are on a rise and 2-factor authentication actually helps to counter them.
网络威胁正在上升,而两因素身份验证实际上有助于对付它们。
Majority of the hacking-related breaches take place due to weak or stolen passwords. Since many users tend to use the same password everywhere, the risk grows ten fold. Clearly, something more than just passwords are needed.
大多数与黑客有关的入侵都是由于密码薄弱或被盗造成的。 由于许多用户倾向于在各处使用相同的密码,因此风险增加了十倍。 显然,需要的不仅仅是密码。
According to a Verizon’s Data Breach Report, 80% of data breaches could be eliminated by the use of two-factor authentication.
根据Verizon的数据泄露报告 ,使用两因素身份验证可以消除80%的数据泄露。
2FA makes sure that even if your password gets compromised, the hacker has to crack another security layer before they can access your account. And since most of the 2FA methods are time-dependent, it makes the hacker’s job so much more difficult.
2FA确保即使您的密码遭到破坏,黑客也必须破解另一个安全层,然后他们才能访问您的帐户。 而且由于大多数2FA方法都是与时间相关的,因此这使黑客的工作更加困难。
No wonder all the major websites and banks provide an option to enable 2-factor security.
难怪所有主要网站和银行都提供启用两因素安全性的选项。
两因素身份验证不能替代强密码 (Two-factor authentication is not a replacement for strong passwords)Weak and repeated passwords are a bane to Cyber security. No matter which account or service you’re using, it’s always best to set a unique complex password.
密码短而重复是网络安全的祸根。 无论您使用哪个帐户或服务,最好都设置一个唯一的复杂密码。
Using repeated passwords all over the Internet makes us vulnerable to massive impacts even if one site’s security gets breached. In such a case, all our accounts can be at the attacker’s disposal.
即使在一个站点的安全性遭到破坏的情况下,在整个Internet上使用重复的密码也使我们容易受到巨大影响。 在这种情况下,攻击者可以使用我们的所有帐户。
Even if you enable two-factor authentication, strong passwords are a must. As mentioned earlier, treat 2FA as a supplement to strong passwords, not as a replacement.
即使启用了双重身份验证,也必须使用强密码。 如前所述,将2FA视为强密码的补充,而不是替代。
Always use a complex combination of letters, numbers, and special symbols to generate a strong and unique password for each service you use. You can also use a service like LastPass to easily manage your passwords.
始终使用字母,数字和特殊符号的复杂组合为您使用的每种服务生成一个强大而独特的密码。 您还可以使用LastPass之类的服务轻松管理密码。
您可以通过两种方式获取密码 (There are two ways you can get the passcodes)You can generate the passcodes for 2FA in multiple ways. Codes can be generated on the server and then sent to you via Email, SMS or phone call. This usually requires network connectivity for your mobile and thus can leave you prone to inaccessible accounts in remote areas.
您可以通过多种方式生成2FA的密码。 可以在服务器上生成代码,然后通过电子邮件,SMS或电话将其发送给您。 这通常需要为您的移动设备提供网络连接,从而使您易于在偏远地区无法访问帐户。
The other option is to generate the passcode offline on your phone or a hardware device. You can easily generate 2FA passcodes on your phone via apps like Google Authenticator, Authy or TOTP Authenticator. There are also hardware devices like YubiKey available in the market for setting up two-factor authentication.
另一个选择是在手机或硬件设备上离线生成密码。 您可以通过Google Authenticator,Authy或TOTP Authenticator等应用轻松在手机上生成2FA密码。 市场上还有诸如YubiKey之类的硬件设备可用于设置两因素身份验证。
This method is more robust as no data connectivity is required, leaving you less prone to network phishing.
由于不需要数据连接,因此此方法更加健壮,从而减少了网络钓鱼的可能性。
In some cases, the second step can also be biometric verification or entering a PIN you set by yourself earlier.
在某些情况下,第二步也可以是生物特征验证或输入您之前设置的PIN。
总是备份。 您不想被锁定帐户 (Always back up. You don’t want to be locked out of your account)2FA works on the premise that you always have access to the secondary passcode. But in case you use a 2-factor authentication app and you lose your phone or your data gets wiped out, you can be locked out of your account.
2FA的工作前提是您始终可以访问辅助密码。 但是,如果您使用2要素身份验证应用程序,但手机丢失或数据被清除,则可以将其锁定在帐户之外。
To avoid such a scenario, some websites provide backup codes which you must save securely and can use in such situations. Alternatively, you can use an authentication app which provides the option to back up your security key and related data.
为了避免这种情况,某些网站提供了备份代码,您必须安全保存这些备份代码,并且可以在这种情况下使用。 或者,您可以使用身份验证应用程序,该应用程序提供了备份安全密钥和相关数据的选项。
We developed the TOTP Authentication app for iOS and Android keeping this in mind. The app allows you to back up your security key and related information either to your device or to online storage options such as Google Drive in a hassle free way. The encrypted backup file can be set up on another device with just a couple of taps. You can download the app from iTunes store from here, and from Google Play Store from here.
我们牢记这一点,针对iOS和Android开发了TOTP身份验证应用程序。 该应用程序可让您轻松地将安全密钥和相关信息备份到设备或在线存储选项(例如Google云端硬盘)中。 只需单击几下,即可在另一台设备上设置加密的备份文件。 您可以从以下网站下载来自iTunes Store的应用程序在这里 ,并从谷歌Play商店从这里 。
结论 (Conclusion)Two-factor authentication is slowly becoming a norm in the digital world. Most of the banks, cloud storage services and social media websites already provide the option. You should switch on 2FA wherever possible. As they say, prevention is better than cure.
两因素身份验证正逐渐成为数字世界中的一种规范。 大多数银行,云存储服务和社交媒体网站已经提供了该选项。 您应该尽可能打开2FA。 正如他们所说,预防胜于治疗。
Have any questions about 2FA authentication? Shoot them in the comments!
对2FA认证有疑问吗? 射中他们的评论!
To know more about 2-factor authentication you can also check out this article.
要了解有关2因子身份验证的更多信息,您还可以查看本文 。
翻译自: https://www.freecodecamp.org/news/things-you-should-know-before-enabling-2-factor-authentication-2fa-6f11e4b5eab1/
mongodb启用身份验证