With the popularization of the Internet, network security problems are becoming more and more serious. After the incident in which the well-known CSDN technology community exposed the plaintext passwords of more than 600 users, the plaintext passwords of 40 million Tianya users were leaked, followed by renren.com, Happy Net and mop.com. Even e-commerce sites such as Jingdong, Alipay mall and dangdang.com have suffered password leaks. With tens of millions of user records exposed on public network platforms, it is impossible not to worry about these serious network security problems.
Many e-commerce and bank sites now use dynamic password services, which greatly protect the security of users' information and funds. The main approaches are:
1. Dynamic password cards, similar in form to scratch cards, where two indices identify the current password.
Common examples: bank password cards, etc.
Disadvantages: must be carried, easy to copy or note down, security is relatively high, and limited use.
2. Dedicated hardware tokens that use an algorithm (generally time-based) to generate an unpredictable random combination of digits, where each code can be used only once; or hardware that must be inserted, such as a U shield, to perform a data comparison.
Common examples: U shield, QQ token, etc.
Disadvantages: must be carried, more complicated to use, and the hardware costs a lot.
3. Mobile phone passwords: one kind generates the dynamic password in software; the other, simpler kind delivers a verification code by SMS to confirm the user's identity.
Common examples: QQ mobile phone token, Alipay mobile phone payment verification code.
Disadvantages: the account must be bound to your phone. If you change your phone number it becomes more troublesome, and sometimes the message is delayed or never received. The website needs to deploy an SMS platform, and sending a large volume of SMS messages costs a lot.
Each of the above has its own advantages, but they share one big problem: they are not suitable for deployment on small and medium-sized sites. All of them require a lot of time and money and add a considerable burden for the user. Is there, then, a more convenient password solution that does not give up security?
Drawing on years of website-building experience, the author has summed up and invented a simple and effective password implementation scheme that works for websites written in any language and that small and medium-sized websites can deploy quickly.
The common login methods for small websites are "username + password" or "username + password + code". Even with MD5 hashing, there is no guarantee that the customer's password will not be compromised, because the password may be seen by a bystander as it is typed, or recorded by a Trojan running in the background. If you want to solve this problem, there is only one way: let people see the wood or monitor password >