Email Account Password: How to Recover After Your Email Password Is Compromised

Your friends are reporting spam and pleas for money originating from your email account and some of your logins aren’t working; you’ve been compromised. Read on to see what to do right now and how to protect yourself in the future.

A compromised password is serious business. A security breach at a minor service you use can jeopardize your more serious accounts if you use weak passwords (or even the same one) across all of them, and a security breach at a core service like your email account means it is time to batten down the hatches and get your passwords under control.

This guide is full of useful tips for anyone who has to deal with the fallout of a leaked password, but we’ll be focusing specifically on dealing with the mother of all compromises: a compromised email account. Once someone has control of your email account they can easily gain control of the dozens of other services you use as, for better or worse, email functions as a major key-to-the-castle and qualifying identifier.

Secure Your Email Account

The absolute first thing you need to do at even the slightest hint that something is amiss is to lock down your account. The second your friend calls you and says “I just got an email from you claiming you’re in London and need me to wire you money” you need to get on your computer and get to work.

Resetting/recovering your password. You may need to reset or recover your password. The process varies from email service to email service but we’ve gathered up the reset links for three popular email services here to help speed the process along if you’ve found this article via a panicked Google search. You can find the forms for Gmail, Hotmail, and Yahoo! Mail here. All three of the aforementioned services have an option for you to specify not just that you forgot your password but that you believe your account has been compromised.

Change your password to something completely different than your previous password. Make it a combination of alphanumeric characters and if need be temporarily write it down. The important thing is that you secure your email immediately with a strong password. While you are still logged into your email account complete the following steps.

Enable two-factor authentication. Your email service may not offer this feature, but if it does, turn it on. You likely won’t keep it on forever (two-factor verification is kind of a hassle) but while you’re in lock-down mode and attempting to get everything under control it’s nice to know that someone would need to, for example, have access to your mobile phone and your password in order to gain access to your email account. You can read about two-factor authentication for Gmail here.

Go through your email settings with a fine-tooth comb. In addition to changing your password and setting up two-factor authentication you need to go through the settings on your email account to make sure nothing is out of the ordinary. Here are several things you need to look at: check your recovery email and ensure that it is set to an email address you control, check your password hints and replace them with fresh questions only you know the answer to, and check your email forwarding settings to ensure that whoever compromised your email hasn’t set it up so that all your future email will be forwarded to a third party.

Regarding password hints: password recovery systems based on hints are notoriously easy to defeat as it isn’t particularly difficult to get basic information about a person like where they were born, what their cat’s name is, etc. (thank you frivolous Facebook quizzes). One easy way to radically increase the strength of hint questions is to make them about someone other than yourself. Answer the questions as though you are your father, a character in a comic book or novel you love, or any other third party that you have a significant degree of knowledge about.

Don’t neglect these three steps and make sure to look at all the settings on your email account to make sure there are no surprises tucked away!

Change Every Password Associated with Your Email Address

Email addresses function as the proverbial keys to the castle. If someone has access to your email account they also have access to nearly everything else you’ve ever used your email account for—your iTunes login, your Amazon.com account, your credit cards and banking institutions, social media accounts, discussion forums and so on. Now is the time to start changing passwords. We realize this isn’t fun and we realize it’s time consuming if you have lots and lots of accounts. The upside is that once you do it, you’ll have effectively inoculated yourself against this misery in the future.

Get a password manager. Not everyone uses a password manager and lots of people have their reasons for not doing so including “I’ve got a good memory”, “I don’t trust password managers”, “I’ve got some straight up KGB algorithm in my brain to generate new and awesome passwords”, etc. We’ve heard it all before. If you want to play the “I’ll memorize all my passwords” game, that’s fine. You simply won’t have as strong and varied passwords as someone who uses a password manager. Not using a password manager is like refusing to use a calculator and solving all math problems longhand; there’s no good reason to forgo using a calculator and there’s no good reason to stick to juggling passwords in your head when there are better alternatives.

Whether you use LastPass, KeePass, or another respectable password manager that integrates with your web browser (and thus decreases your resistance to using it), you’ll have a system that allows you to use extremely strong and unique passwords for each distinct login.

Search your email for registration reminders. It won’t be hard to remember your frequently used logins like Facebook and your bank, but there are likely dozens of outlying services that you may not even remember that you use your email to log into.

Use keyword searches like “welcome to”, “reset”, “recovery”, “verify”, “password”, “username”, “login”, “account” and combinations thereof like “reset password” or “verify account”. Again, we know this is a hassle, but once you’ve done this with a password manager at your side you have a master list of all your accounts and you’ll never have to do this keyword hunt again.
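
The keyword hunt described above can also be run over an exported copy of the mailbox rather than by hand. The following Python is an added example, not part of the original article; the sample messages and their `.example` sender domains are constructed, and the name `inventory_accounts` is hypothetical.

```python
import email
from collections import defaultdict
from email import policy
from email.utils import parseaddr

# Keywords taken from the article's search list.
KEYWORDS = ("welcome to", "reset", "recovery", "verify",
            "password", "username", "login", "account")

# Constructed sample messages (not real mail).
SAMPLE_MESSAGES = [
    "From: Example Shop <no-reply@shop.example>\n"
    "Subject: Welcome to Example Shop\n\nPlease verify your account.\n",
    "From: forum@boards.example\n"
    "Subject: Reset password request\n\nUse this link to choose a new password.\n",
    "From: friend@mail.example\n"
    "Subject: Lunch?\n\nAre you free on Friday?\n",
]

def inventory_accounts(raw_messages):
    """Map sender domain -> sorted keywords found in the Subject or plain-text body."""
    hits = defaultdict(set)
    for raw in raw_messages:
        msg = email.message_from_string(raw, policy=policy.default)
        body = msg.get_body(preferencelist=("plain",))  # None for HTML-only mail
        text = (msg["Subject"] or "") + "\n" + (body.get_content() if body else "")
        text = text.lower()
        matched = {k for k in KEYWORDS if k in text}
        if matched:
            # Group by sender domain: one domain is usually one service to revisit.
            domain = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
            hits[domain or "(unknown sender)"] |= matched
    return {d: sorted(k) for d, k in sorted(hits.items())}

if __name__ == "__main__":
    for domain, words in inventory_accounts(SAMPLE_MESSAGES).items():
        print(f"{domain}: {', '.join(words)}")
```

Each domain in the result is a candidate entry for the master list in your password manager. Substring matching over-reports (for example, “account” also matches “accountant”), which is acceptable for a list you review by eye.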

Use strong passwords. If you’re using a good password manager this won’t even be an issue. LastPass, for example, has a built-in password generator. A click of a button is all that it takes to generate a password like “Myy0vNncg6dlYrbhVjo1”; add in another click and you can easily associate that extremely strong password with the account.

If you’re not using a password manager there are still some hard and fast rules you should live by when it comes to manually generating strong passwords:

  • Passwords should always be longer than the minimum the service allows for. If the service in question allows for 6-20 character passwords, go for the longest password you can remember.

  • Do not use dictionary words as part of your password. Your password should never be so simple that a cursory scan with a dictionary file would reveal it. Never include your name, part of the login or email, or other easily identifiable items like your company name or street name. Also avoid using common keyboard combinations like “qwerty” or “asdf” as part of your password.

  • Use passphrases instead of passwords. If you’re not using a password manager to remember really random passwords (yes, we realize we’re really harping on the idea of using a password manager) then you can remember stronger passwords by turning them into passphrases. For your Amazon account, for example, you could create the easily remembered passphrase “I love to read books” and then crunch that into a password like “!luv2ReadBkz”. It’s easy to remember and it’s fairly strong.
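
The length, dictionary, personal-item and keyboard-combination rules in the list above can be checked mechanically before you commit to a hand-made password. This Python is an added example, not from the original article; the word list, the name and the email address are constructed, and `personal_terms` and `check_password` are hypothetical names.

```python
import re

KEYBOARD_RUNS = ("qwerty", "asdf")  # the two combinations the article names
# Constructed stand-in for a real dictionary file.
SAMPLE_WORDS = ("password", "london", "money", "books")

def personal_terms(full_name, email_address):
    """Split a name and an email address into the items the rules forbid."""
    parts = re.split(r"[^a-z0-9]+", f"{full_name} {email_address}".lower())
    tld = email_address.rpartition(".")[2].lower()
    # Skip very short fragments and the top-level domain to limit false hits.
    return sorted({p for p in parts if len(p) >= 3 and p != tld})

def check_password(password, min_len, terms, dictionary):
    """Return the list of rules the password breaks (empty list = all pass)."""
    problems = []
    lowered = password.lower()
    if len(password) <= min_len:
        problems.append("not longer than the service minimum")
    for run in KEYBOARD_RUNS:
        if run in lowered:
            problems.append(f"contains keyboard combination '{run}'")
    for term in terms:
        if term in lowered:
            problems.append(f"contains personal item '{term}'")
    for word in dictionary:
        if len(word) >= 4 and word.lower() in lowered:
            problems.append(f"contains dictionary word '{word}'")
    return problems

if __name__ == "__main__":
    terms = personal_terms("Jane Doe", "jane.doe@example.com")  # constructed identity
    for candidate in ("JaneQwerty1", "London", "Myy0vNncg6dlYrbhVjo1"):
        print(candidate, "->", check_password(candidate, 6, terms, SAMPLE_WORDS) or "ok")
```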

Practice Good Password Hygiene Going Forward

It’s really easy to slip back into bad habits once the shock of a security breach has passed. Call it the dentist-effect: you floss and brush like mad before the dentist, you promise yourself you’ll floss and brush after the visit, and three weeks later you find yourself falling asleep on the couch watching Archer with a mouthful of gummy bears.

Staying on top of password management is important and when done correctly protects you from the agony of having to do all this password fixing again (or, worse, losing significant sums of money or becoming embroiled in a legal battle because of what was done with your compromised account). Here’s what you need to do going forward with your old and new accounts:

Always use a unique password for each service. Think of this policy like having fire suppression systems in every room of a building. If Lab 223 catches fire it doesn’t take the whole structure with it. If someone hacks a game site you visit they won’t also have access to your email (or any other logins associated with your email address).

Change your passwords. Don’t be resistant to changing your passwords. If you use your email a lot at public Wi-Fi spots, internet cafes, etc. then you need to change it frequently as you are using it in locations where it can be easily sniffed, keylogged, or otherwise compromised. If you use a master password manager this process is less painful as you really only need to remember a strong password for the password manager and a strong password for your email (everything else can be managed by the password manager).

Do not store your passwords insecurely. However you store your passwords, do not store them insecurely. If you write them down in a notebook, lock it in your fire safe. If you keep them in a password manager, use a very secure password for that manager. If you keep them on your computer in a text document then you must encrypt that text document and not simply leave it in your My Documents folder. Your password list, however it is stored, is the passport to your digital life.

Do not transmit passwords insecurely. This is a combination of the previous rule and the next rule. Do not email yourself a plain text file of your passwords. It’s the equivalent of writing your passwords on a postcard and mailing them. Anyone who touches the postcard in transit can easily read the passwords. Never email or instant message your passwords for any reason.

Do not share your password. As well as not sharing your password between services, don’t share your passwords with other people. Your friends don’t need to know your password, your boss doesn’t need to know your password, and no legitimate company employee from Google or Bank of America is ever going to call you up or email you and ask for your password. Your default stance on password sharing should always be “No.”

At this point, if you’ve followed along, you have a set of unique, strong, and well managed passwords. You have one final task. Pull up your contact list and send an email to all the people who you previously spammed with “Help, I’m stuck in London and have no money…” messages and email them a link to this article. There’s a good chance that, like you were, they’re one bad break away from a password nightmare.

Translated from: https://www.howtogeek.com/66033/how-to-recover-after-your-email-password-is-compromised/