170million passwords of Netcom learning link have been leaked! What are the remedies?

In recent days, , The password of Netcom learning pass has been leaked , super 1.7 Billion pieces of private data were sold , Include password ！ Once rushed to the microblog hot search ！

Then , The official response of Xuetong is untrue ！

Whether the news is true or not, we don't care , Say a cliche question ： Password leaks ！

We are Internet users , Our basic necessities of life depend on the Internet , Especially the password , Is the key to our cyberspace , Once stolen , Hackers can go straight in , encounter little resistance , The consequences are unimaginable ！

Hackers are black , That is, they do everything they can , Use various means to achieve the desired goal , So it's hard not to steal passwords , At this time, it is necessary to change a defensive means ： If the password has been stolen , How to prevent hackers from logging into our account ？

At this time, two factor authentication was born ！

Two factor authentication is two authentication factors , Password is a , Dynamic password or fingerprint recognition or face recognition or SMS verification code is the second , The combination of two swords , Enhance security ！

Let's take learning as an example , Learning is mainly for C End user internet products , The user only needs to enter the user name and password to log in , There will be a great risk , If the message is true , A large number of accounts are no longer secure , This is a good time to add two factor authentication to enhance security , Scheme as follows ：

the reason being that C End Internet products , Biometric classes are not suitable for , SMS verification code is the most appropriate , In the user name 、 Based on static password , Add SMS verification code , Achieve two factor certification , Simply say the implementation method ：

The original architecture was very simple ：

Deployment server , Providing services for users is enough

Now we need to add two factors , The architecture will change ：

First, add one CKEY Two factor authentication server , As a two factor management platform ;

Then add a SMS gateway , Send verification code ;

Finally, the user's mobile phone number is required , Receive verification code ;

When the user logs in , Need user name 、 Static password 、 SMS verification code Log in , This completes the closed loop of secure login ！

Is the SMS verification code safe ？

First of all, it is better to add SMS verification code than not to add SMS verification code , The security level must have been greatly improved , But the SMS verification code also has some defects ：

1、 The SMS verification code is seriously disturbed by the signal , The verification code may not be received ;

2、 SMS verification code is transmitted through the network , There is a risk of being intercepted ;

For enterprises with very high security requirements , They will take another approach ： One-time password ！

The dynamic password architecture is different ：

1、 Add one CKEY Two factor authentication server , As a two factor authentication management platform ;

2、 Bind a mobile phone for each user APP token , Generate dynamic password in real time ;

To achieve user name 、 Static password 、 One-time password Sign in , At this time, the generation and reception of dynamic password do not need network transmission , Therefore, it will not be disturbed by the network , It can perfectly avoid the disadvantages of SMS verification code , It's just not so convenient .

Taken together ：

SMS verification code and dynamic password can well strengthen login security protection , Both have advantages and disadvantages ：

SMS verification code is very convenient to use , The stability and safety are not so high , The safety requirements are not too high C End to end Internet applications ;

Dynamic password is more secure , It will be a little troublesome to use , Suitable for those with high safety requirements C End Internet products and enterprise level products ;

How to choose , It depends on the actual situation .