Book List | 17/100 Days Challenge | The Design of Everyday Things Reading Notes
Memory Is Knowledge in the Head
It is one thing to have to memorize one or two secrets: a combination or a password. But when the number of secret codes gets too large, memory fails. Many of the security requirements are unnecessary, and needlessly complex.
Many people believe strong passwords, ones difficult to guess, are required, and that they must be changed frequently. However, the more complex the password requirements, the less secure the system, because people are unable to remember all these combinations, so they write them down. Then they store this private, valuable knowledge wherever it is easy to find because it is frequently needed. So a thief only has to find the list and then all secrets are known.
Since we cannot remember all these secret things, we put the memory in the world by writing things down. That creates another problem: How do we disguise the items, how do we hide them, and how do we remember what the disguise was or where we put it?
The safest methods require multiple identifiers, the most common schemes requiring at least two kinds: “something you have” plus “something you know”. The “something you have” is often a physical identifier (a key or a biometric identifier). The “something you know” would be knowledge in the head, most likely something memorized.
Memory Is Knowledge in the Head
Remembering one or two secrets, such as a combination or a password, is one thing. But when the number of passwords grows too large, memory fails. In fact, many security requirements are unnecessary, and they often become needlessly complex.
Many people believe that strong passwords, ones that are hard to guess, must be used, and that passwords must be changed frequently. However, the more complex the password requirements, the less secure the system, because people cannot remember all these password combinations, so they remember them by recording them or writing them down. Then, because they need these passwords often, they store this private, valuable knowledge wherever it is easy to find. So if a thief only needs to find the list with the passwords written on it, all the secrets are known.
Since we cannot remember all these secret things, we write these memories down. This creates another problem: how do we disguise the secrets we write down, how do we hide them, and how do we remember the disguise we set up, or the place where we hid them?
The safest method of storing secrets requires multiple identifiers, and the most common schemes require at least two kinds: “something you have” and “something you know”. “Something you have” is usually a physical identifier (a key or a biometric identifier). “Something you know” is knowledge in the head, most likely something memorized.