Suspicious Website Logins
| English | Chinese | Pinyin |
|---|---|---|
| password attack | 密码攻击 | mì mǎ gōng jī |
| dictionary | 字典 | zì diǎn |
| authentication | 身份验证 | shēn fèn yàn zhèng |
| password manager | 密码管理器 | mì mǎ guǎn lǐ qì |
| multifactor authentication | 多因素身份验证 | duō yīn sù shēn fèn yàn zhèng |
What a password attack is
- A password attack 密码攻击 tries to log in with guessed or stolen passwords.
- An online attack tries them against a real login page.
- Automated tools can try thousands of passwords fast.
Signs in the log
- Many failed logins in a short time.
- Login attempts at unusual hours.
- Logins from unknown devices.
Strong password or weak password?
Strong passwords are long, random, and unique; weak ones follow common patterns or use personal info.
Which is a sign of an online password attack in the logs?
A burst of failed logins signals guessing.
An adversary's list of likely passwords built from your personal info is a ____.
A dictionary of guesses is fed to an automated tool.
Why weak passwords fail
- People use predictable patterns like
Summer24!. - They reuse names of pets or family.
- An adversary builds a dictionary 字典 of likely guesses.
Never reuse one password across sites. If one site is breached, adversaries try that same password everywhere else — a trick called credential reuse.
Which password is strongest?
Long, random, unique beats any pattern.
Multifactor authentication (MFA) adds security beyond just a password.
MFA asks for extra proof, like a texted code.
Order these from WEAKEST to STRONGEST password.
Length and randomness increase strength.
Which make authentication stronger? (Choose all)
Reusing a password — even a strong one — is risky.
Making authentication stronger
- Use long, random, unique passwords — a password manager 密码管理器 helps.
- Avoid names, dates, and meaningful words.
- Turn on multifactor authentication (MFA) 多因素身份验证.
P@ssw0rd2024 feels clever but follows the exact common pattern (word + number + symbol) an adversary's dictionary expects. A random 16-character string from a password manager is far safer.
An online password attack guesses against a live login and shows up as many failed attempts. People lose because they pick weak, patterned passwords. Fix it with long unique passwords and MFA.