[{"data":1,"prerenderedAt":372},["ShallowReactive",2],{"blog-post-zh-how-to-create-strong-passwords":3},{"id":4,"title":5,"author":6,"body":7,"description":356,"draft":357,"extension":358,"lang":359,"meta":360,"navigation":286,"path":361,"pubDate":362,"relatedTool":363,"seo":364,"stem":365,"tags":366,"__hash__":371},"blog\u002Fblog\u002Fzh-how-to-create-strong-passwords.mdx","如何创建强密码（以及为什么重要）","ujiffy team",{"type":8,"value":9,"toc":340},"minimark",[10,23,27,44,47,69,72,75,78,83,89,93,96,114,117,121,132,136,139,142,145,151,168,202,211,225,228,231,234,262,265,268,272,275,319,322,325,332],[11,12,13,14,18,19,22],"p",{},"密码是你的账户和攻击者之间的第一道防线。然而，直到今天，仍有无数人在使用 ",[15,16,17],"code",{},"123456","、",[15,20,21],{},"iloveyou"," 或者宠物名加感叹号这类密码。数据泄露事件比以往任何时候都更频繁，所以让我们来聊聊什么才算真正的强密码、要避免哪些错误，以及如何在几秒内生成一个安全的密码。",[24,25,26],"h2",{"id":26},"为什么弱密码很危险",[11,28,29,30,18,32,18,35,38,39,43],{},"每年，安全研究人员都会公布最常用密码排行榜。年复一年，",[15,31,17],{},[15,33,34],{},"password",[15,36,37],{},"qwerty"," 稳居榜首。这些密码用自动化工具",[40,41,42],"strong",{},"不到一秒","就能破解。",[11,45,46],{},"攻击者通常使用以下手段入侵账户：",[48,49,50,57,63],"ul",{},[51,52,53,56],"li",{},[40,54,55],{},"暴力破解（Brute Force）","——逐一尝试所有可能的组合，直到找到正确的。",[51,58,59,62],{},[40,60,61],{},"字典攻击（Dictionary Attack）","——使用包含常见单词、名字和已知密码的列表进行匹配。",[51,64,65,68],{},[40,66,67],{},"撞库攻击（Credential Stuffing）","——将从某次泄露中获得的账号密码对，批量尝试登录其他网站。",[11,70,71],{},"如果你的密码短、可预测，或者在多个平台重复使用，你不只是\"有风险\"——你是最容易被盯上的目标。一个账户被攻破，往往会引发邮箱、银行、社交媒体的连锁沦陷。",[24,73,74],{"id":74},"强密码的特征",[11,76,77],{},"强密码不只是\"难猜\"，它需要在机器每秒尝试数百万次的情况下仍然难以破解。以下几点至关重要：",[79,80,82],"h3",{"id":81},"_1-长度","1. 长度",[11,84,85,86],{},"长度是最重要的因素。每多一个字符，可能的组合数量就成指数级增长。12 位密码比 8 位密码难破解的程度是天文数字级别的。",[40,87,88],{},"重要账户建议至少使用 16 位。",[79,90,92],{"id":91},"_2-字符多样性","2. 字符多样性",[11,94,95],{},"强密码应混合使用：",[48,97,98,101,104,107],{},[51,99,100],{},"大写字母（A–Z）",[51,102,103],{},"小写字母（a–z）",[51,105,106],{},"数字（0–9）",[51,108,109,110,113],{},"特殊符号（",[15,111,112],{},"!@#$%^&*"," 等）",[11,115,116],{},"四类字符混合使用，会大幅增加攻击者的搜索空间。",[79,118,120],{"id":119},"_3-随机性","3. 随机性",[11,122,123,124,127,128,131],{},"密码不应遵循任何规律。",[15,125,126],{},"P@ssw0rd"," 看起来很复杂，但它出现在每个破解工具的字典里，因为这是一种可预测的替换模式。你真正需要的是像 ",[15,129,130],{},"t7!Kx#mQpL2$vR"," 这样的真正随机字符串。",[79,133,135],{"id":134},"_4-唯一性","4. 唯一性",[11,137,138],{},"不要在多个账户上使用同一个密码。一旦某个网站发生数据泄露，攻击者会立刻拿着这个密码去尝试你所有的其他账户。每个登录都应使用独立密码。",[24,140,141],{"id":141},"常见的密码错误",[11,143,144],{},"即便是自认为很小心的人，也常常踩中同样的坑：",[11,146,147,150],{},[40,148,149],{},"使用个人信息","\n生日、伴侣\u002F孩子\u002F宠物的名字、家庭住址——这些信息在社交媒体上都能找到，也是攻击者最先尝试的内容。",[11,152,153,156,18,158,18,161,18,164,167],{},[40,154,155],{},"键盘走位（Keyboard Walk）",[15,157,37],{},[15,159,160],{},"asdfgh",[15,162,163],{},"zxcvbn",[15,165,166],{},"1qaz2wsx","，这类序列打起来感觉很随机，实际上早就出现在每一份攻击字典里了。",[11,169,170,173,174,177,178,181,182,177,185,181,188,177,191,194,195,197,198,201],{},[40,171,172],{},"简单字符替换","\n把 ",[15,175,176],{},"a"," 换成 ",[15,179,180],{},"@","，",[15,183,184],{},"o",[15,186,187],{},"0",[15,189,190],{},"e",[15,192,193],{},"3","，这种技巧破解工具早就会自动处理了。",[15,196,126],{}," 并不比 ",[15,199,200],{},"Password"," 安全多少。",[11,203,204,207,210],{},[40,205,206],{},"只在末尾加数字或符号",[15,208,209],{},"Summer2024!"," 是一种典型的可识别模式，这种可预测的结构完全抵消了复杂度的意义。",[11,212,213,216,217,220,221,224],{},[40,214,215],{},"重复使用密码只改一点","\n如果你习惯用 ",[15,218,219],{},"BlueSky42","，明年换成 ",[15,222,223],{},"BlueSky43"," 并不会保护你。破解了一个变体的攻击者会立刻尝试相邻变体。",[24,226,227],{"id":227},"如何即时生成强密码",[11,229,230],{},"获得强密码最简单的方式，是使用生成工具——而不是自己想一个。人脑很不擅长真正的随机性，我们总是在不知不觉中遵循某种规律。",[11,232,233],{},"ujiffy 的免费密码生成器让你可以：",[48,235,236,243,250,256],{},[51,237,238,239,242],{},"设置所需的",[40,240,241],{},"密码长度","（推荐 16 位以上）",[51,244,245,246,249],{},"选择包含哪些",[40,247,248],{},"字符类型","（大写、小写、数字、符号）",[51,251,252,255],{},[40,253,254],{},"即时在浏览器中","生成随机密码",[51,257,258,259],{},"一键",[40,260,261],{},"复制到剪贴板",[11,263,264],{},"无需注册账号，不向服务器发送任何数据，所有操作都在你的浏览器本地完成。",[11,266,267],{},"生成强密码后，将其保存到密码管理器中（如 Bitwarden、1Password 或浏览器内置的管理器）。你不需要记住它——只需确保它被安全存储。",[24,269,271],{"id":270},"快速检查你的密码够强吗","快速检查：你的密码够强吗？",[11,273,274],{},"在确定一个密码之前，过一遍这份清单：",[48,276,279,289,295,301,307,313],{"className":277},[278],"contains-task-list",[51,280,283,288],{"className":281},[282],"task-list-item",[284,285],"input",{"disabled":286,"type":287},true,"checkbox"," 至少 16 位长",[51,290,292,294],{"className":291},[282],[284,293],{"disabled":286,"type":287}," 包含大写字母、小写字母、数字和符号",[51,296,298,300],{"className":297},[282],[284,299],{"disabled":286,"type":287}," 不含你的姓名、生日或任何个人信息",[51,302,304,306],{"className":303},[282],[284,305],{"disabled":286,"type":287}," 不是字典词汇或常见短语",[51,308,310,312],{"className":309},[282],[284,311],{"disabled":286,"type":287}," 没有在其他账户上重复使用",[51,314,316,318],{"className":315},[282],[284,317],{"disabled":286,"type":287}," 通过工具随机生成（而非自己想的）",[11,320,321],{},"六条全部勾选，你就很安全了。",[24,323,324],{"id":324},"小结",[11,326,327,328,331],{},"创建强密码其实并不复杂，关键的认知只有一个：",[40,329,330],{},"不要自己发明密码","。使用生成工具获取真正随机的密码，然后用密码管理器来记住它。\"随机生成 + 安全存储\"这个组合，是 2025 年密码安全的黄金标准。",[11,333,334],{},[176,335,337],{"href":336},"\u002Fzh\u002Ftools\u002Fpassword-generator",[40,338,339],{},"立即使用 ujiffy 密码生成器 →",{"title":341,"searchDepth":342,"depth":342,"links":343},"",2,[344,345,352,353,354,355],{"id":26,"depth":342,"text":26},{"id":74,"depth":342,"text":74,"children":346},[347,349,350,351],{"id":81,"depth":348,"text":82},3,{"id":91,"depth":348,"text":92},{"id":119,"depth":348,"text":120},{"id":134,"depth":348,"text":135},{"id":141,"depth":342,"text":141},{"id":227,"depth":342,"text":227},{"id":270,"depth":342,"text":271},{"id":324,"depth":342,"text":324},"了解什么让密码真正安全、常见错误以及如何使用 ujiffy 免费工具即时生成强密码。",false,"mdx","zh",{},"\u002Fblog\u002Fzh-how-to-create-strong-passwords","2025-05-12","password-generator",{"title":5,"description":356},"blog\u002Fzh-how-to-create-strong-passwords",[367,368,369,370],"密码","安全","在线工具","密码生成器","DZLzUHg-VtvWZxV6x5NdPUFcX-RIP9bxUD1x3bd035Q",1778831414346]