ABOUT THE SPEAKER
Lorrie Faith Cranor - Security researcher
At Carnegie Mellon University, Lorrie Faith Cranor studies online privacy, usable security, phishing, spam and other research around keeping us safe online.

Why you should listen

Lorrie Faith Cranor is an Associate Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University, where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS) and co-director of the MSIT-Privacy Engineering masters program. She is also a co-founder of Wombat Security Technologies, Inc. She has authored over 100 research papers on online privacy, usable security, phishing, spam, electronic voting, anonymous publishing, and other topics.

Cranor plays a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P. She has served on a number of boards, including the Electronic Frontier Foundation Board of Directors, and on the editorial boards of several journals. In 2003 she was named one of the top 100 innovators 35 or younger by Technology Review.

TEDxCMU

Lorrie Faith Cranor: What’s wrong with your pa$$w0rd?


Filmed:
1,520,582 views

Lorrie Faith Cranor studied thousands of real user passwords to uncover the surprising, common mistakes that users and secured sites make that undermine security. And how did she study them without undermining the security of a single user? That is a story in itself. Secret data worth knowing, especially if your password is 123456 ...


00:12
I am a computer science and engineering professor here at Carnegie Mellon,
00:15
and my research focuses on usable privacy and security,
00:20
and so my friends like to give me examples
00:22
of their frustrations with computing systems,
00:25
especially frustrations related to
00:28
unusable privacy and security.
00:32
So passwords are something that I hear a lot about.
00:35
A lot of people are frustrated with passwords,
00:38
and it's bad enough
00:39
when you have to have one really good password
00:42
that you can remember
00:44
but nobody else is going to be able to guess.
00:47
But what do you do when you have accounts
00:48
on a hundred different systems
00:50
and you're supposed to have a unique password
00:53
for each of these systems?
00:56
It's tough.
00:58
At Carnegie Mellon, they used to make it
01:00
actually pretty easy for us
01:01
to remember our passwords.
01:03
The password requirement up through 2009
01:05
was just that you had to have a password
01:07
with at least one character.
01:10
Pretty easy. But then they changed things,
01:12
and at the end of 2009, they announced
01:15
that we were going to have a new policy,
01:17
and this new policy required
01:19
passwords that were at least eight characters long,
01:22
with an uppercase letter, lowercase letter,
01:24
a digit, a symbol,
01:25
you couldn't use the same character more than three times,
01:28
and it wasn't allowed to be in a dictionary.
01:30
Now, when they implemented this new policy,
01:32
a lot of people, my colleagues and friends,
01:35
came up to me and they said, "Wow,
01:36
now that's really unusable.
01:38
Why are they doing this to us,
01:39
and why didn't you stop them?"
01:41
And I said, "Well, you know what?
01:42
They didn't ask me."
01:44
But I got curious, and I decided to go talk
01:47
to the people in charge of our computer systems
01:49
and find out what led them to introduce
01:52
this new policy,
01:54
and they said that the university
01:55
had joined a consortium of universities,
01:58
and one of the requirements of membership
02:00
was that we had to have stronger passwords
02:03
that complied with some new requirements,
02:05
and these requirements were that our passwords
02:07
had to have a lot of entropy.
02:09
Now entropy is a complicated term,
02:11
but basically it measures the strength of passwords.
02:14
But the thing is, there isn't actually
02:16
a standard measure of entropy.
02:18
Now, the National Institute of Standards and Technology
02:20
has a set of guidelines
02:22
which have some rules of thumb
02:24
for measuring entropy,
02:26
but they don't have anything too specific,
02:29
and the reason they only have rules of thumb
02:31
is it turns out they don't actually have any good data
02:34
on passwords.
02:36
In fact, their report states,
02:38
"Unfortunately, we do not have much data
02:40
on the passwords users choose under particular rules.
02:43
NIST would like to obtain more data
02:45
on the passwords users actually choose,
02:48
but system administrators are understandably reluctant
02:50
to reveal password data to others."
02:53
So this is a problem, but our research group
02:56
looked at it as an opportunity.
02:58
We said, "Well, there's a need for good password data.
03:02
Maybe we can collect some good password data
03:04
and actually advance the state of the art here."
03:06
So the first thing we did is,
03:08
we got a bag of candy bars
03:10
and we walked around campus
03:11
and talked to students, faculty and staff,
03:14
and asked them for information
03:15
about their passwords.
03:17
Now we didn't say, "Give us your password."
03:20
No, we just asked them about their password.
03:22
How long is it? Does it have a digit?
03:24
Does it have a symbol?
03:25
And were you annoyed at having to create
03:27
a new one last week?
03:30
So we got results from 470 students,
03:33
faculty and staff,
03:34
and indeed we confirmed that the new policy
03:36
was very annoying,
03:38
but we also found that people said
03:40
they felt more secure with these new passwords.
03:43
We found that most people knew
03:45
they were not supposed to write their password down,
03:47
and only 13 percent of them did,
03:50
but disturbingly, 80 percent of people
03:52
said they were reusing their password.
03:54
Now, this is actually more dangerous
03:56
than writing your password down,
03:58
because it makes you much more susceptible to attackers.
04:01
So if you have to, write your passwords down,
04:05
but don't reuse them.
04:06
We also found some interesting things
04:08
about the symbols people use in passwords.
04:11
So CMU allows 32 possible symbols,
04:14
but as you can see, there's only a small number
04:16
that most people are using,
04:18
so we're not actually getting very much strength
04:21
from the symbols in our passwords.
04:23
So this was a really interesting study,
04:26
and now we had data from 470 people,
04:29
but in the scheme of things,
04:30
that's really not very much password data,
04:33
and so we looked around to see
04:34
where could we find additional password data?
04:37
So it turns out there are a lot of people
04:39
going around stealing passwords,
04:41
and they often go and post these passwords
04:43
on the Internet.
04:45
So we were able to get access
04:46
to some of these stolen password sets.
04:50
This is still not really ideal for research, though,
04:53
because it's not entirely clear
04:55
where all of these passwords came from,
04:57
or exactly what policies were in effect
04:59
when people created these passwords.
05:01
So we wanted to find some better source of data.
05:05
So we decided that one thing we could do
05:06
is we could do a study and have people
05:09
actually create passwords for our study.
05:12
So we used a service called Amazon Mechanical Turk,
05:15
and this is a service where you can post
05:17
a small job online that takes a minute,
05:19
a few minutes, an hour,
05:21
and pay people, a penny, ten cents, a few dollars,
05:23
to do a task for you,
05:25
and then you pay them through Amazon.com.
05:27
So we paid people about 50 cents
05:29
to create a password following our rules
05:32
and answering a survey,
05:33
and then we paid them again to come back
05:36
two days later and log in
05:38
using their password and answering another survey.
05:40
So we did this, and we collected 5,000 passwords,
05:45
and we gave people a bunch of different policies
05:47
to create passwords with.
05:49
So some people had a pretty easy policy,
05:51
we call it Basic8,
05:52
and here the only rule was that your password
05:55
had to have at least eight characters.
05:58
Then some people had a much harder policy,
06:00
and this was very similar to the CMU policy,
06:03
that it had to have eight characters
06:05
including uppercase, lowercase, digit, symbol,
06:07
and pass a dictionary check.
06:09
And one of the other policies we tried,
06:11
and there were a whole bunch more,
06:12
but one of the ones we tried was called Basic16,
06:14
and the only requirement here
06:17
was that your password had to have at least 16 characters.
06:20
All right, so now we had 5,000 passwords,
06:23
and so we had much more detailed information.
06:26
Again we see that there's only a small number
06:29
of symbols that people are actually using
06:31
in their passwords.
06:33
We also wanted to get an idea of how strong
06:35
the passwords were that people were creating,
06:38
but as you may recall, there isn't a good measure
06:40
of password strength.
06:42
So what we decided to do was to see
06:45
how long it would take to crack these passwords
06:47
using the best cracking tools
06:48
that the bad guys are using,
06:50
or that we could find information about
06:52
in the research literature.
06:54
So to give you an idea of how bad guys
06:56
go about cracking passwords,
06:59
they will steal a password file
07:01
that will have all of the passwords
07:03
in kind of a scrambled form, called a hash,
07:06
and so what they'll do is they'll make a guess
07:08
as to what a password is,
07:10
run it through a hashing function,
07:12
and see whether it matches
07:14
the passwords they have on their stolen password list.
07:18
So a dumb attacker will try every password in order.
07:21
They'll start with AAAAA and move on to AAAAB,
07:24
and this is going to take a really long time
07:27
before they get any passwords
07:28
that people are really likely to actually have.
07:31
A smart attacker, on the other hand,
07:33
does something much more clever.
07:34
They look at the passwords
07:36
that are known to be popular
07:38
from these stolen password sets,
07:40
and they guess those first.
07:41
So they're going to start by guessing "password,"
07:43
and then they'll guess "I love you," and "monkey,"
07:46
and "12345678,"
07:48
because these are the passwords
07:50
that are most likely for people to have.
07:52
In fact, some of you probably have these passwords.
07:57
So what we found
07:58
by running all of these 5,000 passwords we collected
08:01
through these tests to see how strong they were,
08:06
we found that the long passwords
08:08
were actually pretty strong,
08:10
and the complex passwords were pretty strong too.
08:13
However, when we looked at the survey data,
08:15
we saw that people were really frustrated
08:18
by the very complex passwords,
08:21
and the long passwords were a lot more usable,
08:23
and in some cases, they were actually
08:25
even stronger than the complex passwords.
08:27
So this suggests that,
08:29
instead of telling people that they need
08:30
to put all these symbols and numbers
08:32
and crazy things into their passwords,
08:35
we might be better off just telling people
08:37
to have long passwords.
08:39
Now here's the problem, though:
08:41
Some people had long passwords
08:43
that actually weren't very strong.
08:45
You can make long passwords
08:47
that are still the sort of thing
08:49
that an attacker could easily guess.
08:50
So we need to do more than just say long passwords.
08:54
There has to be some additional requirements,
08:56
and some of our ongoing research is looking at
08:59
what additional requirements we should add
09:01
to make for stronger passwords
09:03
that also are going to be easy for people
09:05
to remember and type.
09:08
Another approach to getting people to have
09:10
stronger passwords is to use a password meter.
09:12
Here are some examples.
09:14
You may have seen these on the Internet
09:15
when you were creating passwords.
09:18
We decided to do a study to find out
09:21
whether these password meters actually work.
09:23
Do they actually help people
09:25
have stronger passwords,
09:26
and if so, which ones are better?
09:28
So we tested password meters that were
09:31
different sizes, shapes, colors,
09:33
different words next to them,
09:34
and we even tested one that was a dancing bunny.
09:38
As you type a better password,
09:39
the bunny dances faster and faster.
09:42
So this was pretty fun.
09:44
What we found
09:46
was that password meters do work.
09:49
(Laughter)
09:51
Most of the password meters were actually effective,
09:55
and the dancing bunny was very effective too,
09:57
but the password meters that were the most effective
10:00
were the ones that made you work harder
10:02
before they gave you that thumbs up and said
10:04
you were doing a good job,
10:06
and in fact we found that most
10:07
of the password meters on the Internet today
10:10
are too soft.
10:10
They tell you you're doing a good job too early,
10:13
and if they would just wait a little bit
10:15
before giving you that positive feedback,
10:17
you probably would have better passwords.
10:20
Now another approach to better passwords, perhaps,
10:24
is to use pass phrases instead of passwords.
10:27
So this was an xkcd cartoon from a couple of years ago,
10:30
and the cartoonist suggests
10:32
that we should all use pass phrases,
10:34
and if you look at the second row of this cartoon,
10:37
you can see the cartoonist is suggesting
10:39
that the pass phrase "correct horse battery staple"
10:42
would be a very strong pass phrase
10:45
and something really easy to remember.
10:47
He says, in fact, you've already remembered it.
10:50
And so we decided to do a research study
10:52
to find out whether this was true or not.
10:54
In fact, everybody who I talk to,
10:56
who I mention I'm doing password research,
10:58
they point out this cartoon.
10:59
"Oh, have you seen it? That xkcd.
11:01
Correct horse battery staple."
11:03
So we did the research study to see
11:04
what would actually happen.
11:07
So in our study, we used Mechanical Turk again,
11:10
and we had the computer pick the random words
11:14
in the pass phrase.
11:15
Now the reason we did this
11:16
is that humans are not very good
11:18
at picking random words.
11:19
If we asked a human to do it,
11:21
they would pick things that were not very random.
294
669032
2998
oni bi odabrali riječi koje
nisu nimalo nasumične.
11:24
So we triedpokušala a fewnekoliko differentdrugačiji conditionsUvjeti.
295
672030
2032
Koristili smo nekoliko uvjetovanja.
11:26
In one conditionstanje, the computerračunalo pickedizabran
296
674062
2090
U jednom je računalo odabiralo
11:28
from a dictionaryrječnik of the very commonzajednička wordsriječi
297
676152
2216
iz rječnika vrlo čestih riječi
11:30
in the Englishengleski languagejezik,
298
678368
1362
u engleskom jeziku,
11:31
and so you'dti bi get passproći phrasesfraze like
299
679730
1764
pa smo dobili fraze-lozinke kao što je
11:33
"try there threetri come."
300
681494
1924
"probati ondje tri dolaze".
11:35
And we lookedgledao at that, and we said,
301
683418
1732
Kada smo to vidjeli, pomislili smo
11:37
"Well, that doesn't really seemčiniti se very memorablenezaboravan."
302
685150
3050
da se to ne čini baš jako pamtljivo.
11:40
So then we triedpokušala pickingbranje wordsriječi
303
688200
2240
Nakon toga smo odabirali riječi
11:42
that camedošao from specificspecifično partsdijelovi of speechgovor,
304
690440
2521
koje dolaze iz specifičnih
dijelova govora,
11:44
so how about noun-verb-adjective-nounimenica glagol pridjev imenica.
305
692961
2182
i formu imenica-glagol-pridjev-imenica.
11:47
That comesdolazi up with something
that's sortvrsta of sentence-likerečenicu kao.
306
695143
2577
To je sada već izgledalo kao rečenica.
11:49
So you can get a passproći phrasefraza like
307
697720
2070
Fraze-lozinke su zvučale kao
11:51
"planplan buildsgradi sure powervlast"
308
699790
1308
"plan gradi sigurnu energiju"
11:53
or "endkraj determinesodređuje redcrvena drugdroga."
309
701098
2786
ili "kraj određuje crveni lijek".
11:55
And these seemedčinilo se a little bitbit more memorablenezaboravan,
310
703884
2676
Ove su se činile više pamtljive,
11:58
and maybe people would like those a little bitbit better.
311
706560
2822
možda će se ispitanicima više svidjeti.
12:01
We wanted to compareusporediti them with passwordslozinke,
312
709382
2572
Željeli smo ih usporediti s lozinkama,
12:03
and so we had the computerračunalo
pickodabrati randomslučajan passwordslozinke,
313
711954
3196
imali smo računalo koje generira lozinke
12:07
and these were nicelijepo and shortkratak, but as you can see,
314
715150
1990
koje, iako su bile kratke i drage,
12:09
they don't really look very memorablenezaboravan.
315
717140
2806
nisu izgledale jako pamtljive.
12:11
And then we decidedodlučio to try something calledzvao
316
719946
1396
Odlučili smo probati nešto što se zove
12:13
a pronounceablepronounceable passwordlozinku.
317
721342
1646
izgovorljiva lozinka.
12:14
So here the computerračunalo picksmotika randomslučajan syllablesslogovi
318
722988
2245
Računalo odabire slučajne slogove
12:17
and putsstavlja them togetherzajedno
319
725233
1134
i slaže ih zajedno
12:18
so you have something sortvrsta of pronounceablepronounceable,
320
726367
2475
tako da se dobije nešto
što je donekle izgovorljivo
12:20
like "tufritvitufritvi" and "vadasabivadasabi."
321
728842
2602
kao "tufritvi" i "vadasabi".
12:23
That one kindljubazan of rollspecivo off your tonguejezik.
322
731444
2147
Na tome se zbilja lomi jezik.
12:25
So these were randomslučajan passwordslozinke that were
323
733591
2216
To su bile nasumične lozinke koje
12:27
generatedgeneriran by our computerračunalo.
324
735807
2744
je generiralo računalo.
12:30
So what we foundpronađeno in this studystudija was that, surprisinglyiznenađujuče,
325
738551
2978
Ono što smo otkrili bilo je iznenađujuće
12:33
passproći phrasesfraze were not actuallyzapravo all that good.
326
741529
3768
fraze-lozinke nisu se iskazale.
12:37
People were not really better at rememberingsjećanja
327
745297
2793
Ispitanici nisu bolje pamtili
12:40
the passproći phrasesfraze than these randomslučajan passwordslozinke,
328
748090
2953
fraze-lozinke od onih nasumičnih lozinki.
12:43
and because the passproći phrasesfraze are longerviše,
329
751043
2754
A kako su bile i duže,
12:45
they tookuzeo longerviše to typetip
330
753797
1226
bilo je potrebno puno više
vremena za njihovo upisivanje
12:47
and people madenapravljen more errorsgreške while typingkucanje them in.
331
755023
3010
i ispitanici su radili više
greški dok su ih upisivali.
12:50
So it's not really a clearčisto winpobijediti for passproći phrasesfraze.
332
758033
3227
Tako da fraze-lozinke nisu pobijedile.
12:53
Sorry, all of you xkcdxkcd fansfanovi.
333
761260
3345
Žao mi je, xkcd fanovi.
12:56
On the other handruka, we did find
334
764605
1892
S druge strane, otkrili smo
12:58
that pronounceablepronounceable passwordslozinke
335
766497
1804
da su izgovorljive lozinke
13:00
workedradio surprisinglyiznenađujuče well,
336
768301
1471
funkcionirale jako dobro
13:01
and so we actuallyzapravo are doing some more researchistraživanje
337
769772
2418
tako da radimo još jedno istraživanje
13:04
to see if we can make that
approachpristup work even better.
338
772190
3195
kako bismo otkrili možemo
li tako riješiti bolje problem.
13:07
So one of the problemsproblemi
339
775385
1812
Jedan od problema
13:09
with some of the studiesstudije that we'veimamo doneučinio
340
777197
1623
s tim istraživanjima je
13:10
is that because they're all doneučinio
341
778820
1683
taj što su rezultati dobiveni
13:12
usingkoristeći MechanicalMehanički TurkTurk,
342
780503
1590
pomoću Mechanical Turka,
13:14
these are not people'snarodno realstvaran passwordslozinke.
343
782093
1812
odnosno, to nisu prave lozinke.
13:15
They're the passwordslozinke that they createdstvorio
344
783905
2105
To su lozinke koje koje su
korisnici kreirali
13:18
or the computerračunalo createdstvorio for them for our studystudija.
345
786010
2495
ili je računalo generiralo
za potrebe istraživanja.
13:20
And we wanted to know whetherda li people
346
788505
1568
Mi smo željeli znati bi li se
13:22
would actuallyzapravo behaveponašati the sameisti way
347
790073
2312
ispitanici jednako ponašali
13:24
with theirnjihov realstvaran passwordslozinke.
348
792385
2227
kada bi morali kreirati prave lozinke.
13:26
So we talkedRazgovarao to the informationinformacija
securitysigurnosti officeured at CarnegieCarnegie MellonMellon
349
794612
3681
Zato smo razgovarali s Uredom
za informacijsku sigurnost na CMU-u
13:30
and askedpitao them if we could
have everybody'ssvatko je realstvaran passwordslozinke.
350
798293
3803
i pitali ih možemo li dobiti
prave lozinke korisnika.
13:34
Not surprisinglyiznenađujuče, they were a little bitbit reluctantprotiv volje
351
802096
1754
Nije iznenađenje da nisu
13:35
to sharePodjeli them with us,
352
803850
1550
željeli podijeliti ih s nama,
13:37
but we were actuallyzapravo ableu stanju to work out
353
805400
1810
ali smo uspjeli smisliti
13:39
a systemsistem with them
354
807210
1040
sustav s njima
13:40
where they put all of the realstvaran passwordslozinke
355
808250
2109
u kojem su sve prave lozinke
13:42
for 25,000 CMUCMU studentsstudenti, facultyfakultet and staffosoblje,
356
810359
3091
25.000 studenata, profesora i osoblja,
13:45
into a lockedzaključan computerračunalo in a lockedzaključan roomsoba,
357
813450
2448
pohranili u zaključano računalo,
u zaključanu sobu,
13:47
not connectedpovezan to the InternetInternet,
358
815898
1394
koja nije povezana na Internet,
13:49
and they ranran codekodirati on it that we wrotenapisao
359
817292
1848
i provukli kroz kod koji smo mi napisali
13:51
to analyzeanalizirati these passwordslozinke.
360
819140
2152
za analizu lozinki.
13:53
They auditedrevidirana our codekodirati.
361
821292
1326
Oni su provjerili naš kod.
13:54
They ranran the codekodirati.
362
822618
1312
Oni su ubacili kod.
13:55
And so we never actuallyzapravo saw
363
823930
1738
Tako da mi zapravo nismo vidjeli
13:57
anybody'stko je passwordlozinku.
364
825668
2817
ničiju lozinku.
14:00
We got some interestingzanimljiv resultsrezultati,
365
828485
1515
Dobili smo zanimljive rezultate.
14:02
and those of you TepperTepper studentsstudenti in the back
366
830000
1696
Studentima na Tepperu, koji sjede iza
14:03
will be very interestedzainteresiran in this.
367
831696
2875
će ovo biti jako zanimljivo.
14:06
So we foundpronađeno that the passwordslozinke createdstvorio
368
834571
3731
Dakle, otkrili smo da su
lozinke koje su kreirali
14:10
by people affiliatedpovezana with the
schoolškola of computerračunalo scienceznanost
369
838302
2158
studenti informatike
14:12
were actuallyzapravo 1.8 timesputa strongerjači
370
840460
2324
1,8 puta jače
14:14
than those affiliatedpovezana with the businessPoslovni schoolškola.
371
842784
3738
od onih koje su kreirali
studenti ekonomije.
14:18
We have lots of other really interestingzanimljiv
372
846522
2040
Također smo dobili puno zanimljivih
14:20
demographicdemografski informationinformacija as well.
373
848562
2238
demografskih informacija.
14:22
The other interestingzanimljiv thing that we foundpronađeno
374
850800
1846
Zanimljivo je otkriće da
14:24
is that when we comparedu odnosu
the CarnegieCarnegie MellonMellon passwordslozinke
375
852646
2440
kada smo usporedili lozinke sveučilišta
14:27
to the MechanicalMehanički Turk-generatedTurk-generiran passwordslozinke,
376
855086
2283
s onima s Mechanical Turka,
14:29
there was actuallyzapravo a lot of similaritiessličnosti,
377
857369
2619
pronašli smo puno sličnosti.
14:31
and so this helpedpomogao validateProvjeri valjanost our researchistraživanje methodnačin
378
859988
1948
To je potvrdilo naše istraživačke metode
14:33
and showpokazati that actuallyzapravo, collectingprikupljanje passwordslozinke
379
861936
2510
i pokazalo da je prikupljanje lozinki
14:36
usingkoristeći these MechanicalMehanički TurkTurk studiesstudije
380
864446
1808
za istraživanje
koristeći Mechanical Turk
14:38
is actuallyzapravo a validvrijedi way to studystudija passwordslozinke.
381
866254
2788
dobar način za proučavanje lozinki.
14:41
So that was good newsvijesti.
382
869042
2285
To su bile dobre vijesti.
14:43
Okay, I want to closeblizu by talkingkoji govori about
383
871327
2414
U redu, željela bih zaključiti
14:45
some insightsuvidi I gainedstekao while on sabbaticalslobodna godina
384
873741
2068
s nekoliko stvari koje sam uvidjela
dok sam bila prošle godine
14:47
last yeargodina in the CarnegieCarnegie MellonMellon artumjetnost schoolškola.
385
875809
3201
na slobodnoj godini na umjetničkom
odsjeku Carnegie Mellon-a.
14:51
One of the things that I did
386
879010
1281
Jedna od stvari koje sam napravila
14:52
is I madenapravljen a numberbroj of quiltspopluni,
387
880291
1524
je da sam napravila nekoliko popluna.
14:53
and I madenapravljen this quiltpoplun here.
388
881815
1548
I ovaj ovdje.
14:55
It's calledzvao "SecuritySigurnost BlanketDeka."
389
883363
1899
Zove se "Sigurnosna dekica".
14:57
(LaughterSmijeh)
390
885262
2431
(Smijeh)
14:59
And this quiltpoplun has the 1,000
391
887693
3095
Taj poplun ima 1.000
15:02
mostnajviše frequentčest passwordslozinke stolenukraden
392
890788
2328
lozinki koje se najčešće ukradu,
15:05
from the RockYouRockYou websiteweb stranica.
393
893116
2571
a nalaze se na stranici RockYou.
15:07
And the sizeveličina of the passwordslozinke is proportionalproporcionalan
394
895687
2061
Veličina lozinke je proporcionalna
15:09
to how frequentlyčesto they appearedpojavio se
395
897748
1901
učestalosti njezina pojavljivanja
15:11
in the stolenukraden datasetskup podataka.
396
899649
2248
u setovima ukradenih lozinki.
15:13
And what I did is I createdstvorio this wordriječ cloudoblak,
397
901897
2632
Stvorila sam ovaj oblak riječi,
15:16
and I wentotišao throughkroz all 1,000 wordsriječi,
398
904529
2132
proučila svih tih 1.000 riječi,
15:18
and I categorizedkategorizirane them into
399
906661
1795
i kategorizirala ih
15:20
looselabav thematictematski categorieskategorije.
400
908456
2380
u okvirne tematske kategorije.
15:22
And it was, in some casesslučajevi,
401
910836
1903
U nekim slučajevima
15:24
it was kindljubazan of difficulttežak to figurelik out
402
912739
2038
je bilo teško odrediti
15:26
what categorykategorija they should be in,
403
914777
1755
kojoj bi kategoriji trebali pripadati.
15:28
and then I color-codedoznačeni bojom them.
404
916532
1899
Isto tako sam im pridružila boju.
15:30
So here are some examplesprimjeri of the difficultyteškoća.
405
918431
2619
Ovo je nekoliko primjera onih teških.
15:33
So "justinJustin."
406
921050
1181
Na primjer "justin".
15:34
Is that the nameime of the userkorisnik,
407
922231
1829
Je li to ime korisnika,
15:36
theirnjihov boyfrienddečko, theirnjihov sonsin?
408
924060
1322
korisnikova dečka ili sina?
15:37
Maybe they're a JustinJustin BieberBieber fanventilator.
409
925382
2888
Možda je korisnik
samo fan Justina Bibera.
15:40
Or "princessprinceza."
410
928270
2225
Ili "princess".
15:42
Is that a nicknameNadimak?
411
930495
1635
Je li to nadimak?
15:44
Are they DisneyDisney princessprinceza fansfanovi?
412
932130
1595
Ili se radi o fanu princeza
iz Disneyjevih bajki.
15:45
Or maybe that's the nameime of theirnjihov catmačka.
413
933725
3694
Može biti i ime mačke.
15:49
"IloveyouILOVEYOU" appearsČini manymnogi timesputa
414
937419
1655
"Volimte" se često pojavljuje
15:51
in manymnogi differentdrugačiji languagesjezici.
415
939074
1545
na različitim jezicima.
15:52
There's a lot of love in these passwordslozinke.
416
940619
3735
Puno je ljubavi u lozinkama.
15:56
If you look carefullypažljivo, you'llvi ćete see there's alsotakođer
417
944354
1680
Ako pažljivo promatrate,
15:58
some profanitypsovke,
418
946034
2267
vidjeti ćete i vulgarnosti.
16:00
but it was really interestingzanimljiv to me to see
419
948301
1950
Ali mi je zanimljivo vidjeti
16:02
that there's a lot more love than hatemrziti
420
950251
2307
da je puno više ljubavi nego mržnje
16:04
in these passwordslozinke.
421
952558
2292
u lozinkama.
16:06
And there are animalsživotinje,
422
954850
1490
Također, tu su i životinje,
16:08
a lot of animalsživotinje,
423
956340
1360
puno je životinja,
16:09
and "monkeymajmun" is the mostnajviše commonzajednička animalživotinja
424
957700
2304
"majmun" je najčešća životinja
16:12
and the 14thth mostnajviše popularpopularan passwordlozinku overallCjelokupni.
425
960004
3675
i 14. najpopularnija lozinka ukupno.
16:15
And this was really curiousznatiželjan to me,
426
963679
2231
A to mi je bilo jako zanimljivo,
16:17
and I wonderedpitala, "Why are monkeysmajmuni so popularpopularan?"
427
965910
2523
pitala sam se zašto su
majmuni toliko popularni.
16:20
And so in our last passwordlozinku studystudija,
428
968433
3352
Zato smo u zadnjem istraživanju,
16:23
any time we detectedotkriven somebodyneko
429
971785
1686
svaki put kada bismo detektirali
16:25
creatingstvaranje a passwordlozinku with the wordriječ "monkeymajmun" in it,
430
973471
2649
kreiranje lozinke s riječi "majmun",
16:28
we askedpitao them why they had
a monkeymajmun in theirnjihov passwordlozinku.
431
976120
3030
pitali ispitanika zašto njihova
lozinka ima majmuna u sebi.
16:31
And what we foundpronađeno out --
432
979150
1910
i otkrili smo,
16:33
we foundpronađeno 17 people so fardaleko, I think,
433
981060
2103
mislim da zasada imamo 17-tero njih,
16:35
who have the wordriječ "monkeymajmun" --
434
983163
1283
s riječi "majmun" u lozinki.
16:36
We foundpronađeno out about a thirdtreći of them said
435
984446
1812
Otkrili smo da trećina njih
16:38
they have a petljubimac namedpod nazivom "monkeymajmun"
436
986258
1740
ima ljubimca koji se zove "majmun",
16:39
or a friendprijatelj whosečije nicknameNadimak is "monkeymajmun,"
437
987998
2291
ili prijatelja čiji je nadimak "majmun".
16:42
and about a thirdtreći of them said
438
990289
1660
Trećina njih je rekla
16:43
that they just like monkeysmajmuni
439
991949
1533
da vole majmune
16:45
and monkeysmajmuni are really cuteslatka.
440
993482
1638
i da su im oni baš slatki.
16:47
And that guy is really cuteslatka.
441
995120
3639
Ovaj stvarno je sladak.
16:50
So it seemsčini se that at the endkraj of the day,
442
998759
3408
Tako, sve u svemu, čini se da
16:54
when we make passwordslozinke,
443
1002167
1783
kada kreiramo lozinke,
16:55
we eitherili make something that's really easylako
444
1003950
1974
mi ili smislimo nešto
što je vrlo jednostavno
16:57
to typetip, a commonzajednička patternuzorak,
445
1005924
3009
za napisati, nekakav poznati uzorak,
17:00
or things that remindpodsjetiti us of the wordriječ passwordlozinku
446
1008933
2486
ili nešto na što nas
podsjeća riječ lozinka,
17:03
or the accountračun that we'veimamo createdstvorio the passwordlozinku for,
447
1011419
3312
ili račun za koji stvaramo lozinku.
17:06
or whateveršto god.
448
1014731
2617
ili kakogod.
17:09
Or we think about things that make us happysretan,
449
1017348
2642
Ili razmišljamo o stvarima
koje nas čine sretnima
17:11
and we createstvoriti our passwordlozinku
450
1019990
1304
pa kreiramo lozinke
17:13
basedzasnovan on things that make us happysretan.
451
1021294
2238
bazirane na stvarima
koje nas čine sretnima.
17:15
And while this makesmarke typingkucanje
452
1023532
2863
Iako je time upisivanje
17:18
and rememberingsjećanja your passwordlozinku more funzabava,
453
1026395
2870
i prisjećanje lozinke, zabavnije,
17:21
it alsotakođer makesmarke it a lot easierlakše
454
1029265
1807
također je i jednostavnije
17:23
to guessnagađati your passwordlozinku.
455
1031072
1506
tako pogoditi vašu lozinku.
17:24
So I know a lot of these TEDTED TalksRazgovori
456
1032578
1748
Znam da je smisao TEDTalk-a
17:26
are inspirationalinspirativna
457
1034326
1634
da vas inspiriraju
17:27
and they make you think about nicelijepo, happysretan things,
458
1035960
2461
i da mislite o lijepim, stvarima
koje vas čine sretnim,
17:30
but when you're creatingstvaranje your passwordlozinku,
459
1038421
1897
ali kada kreirate lozinku,
17:32
try to think about something elsedrugo.
460
1040318
1991
pokušajte razmišljati o nečemu drugome.
17:34
Thank you.
461
1042309
1107
Hvala.
17:35
(ApplausePljesak)
462
1043416
553
(Pljesak)
Translated by Izidora Zganjer
Reviewed by Ivan Stamenkovic
