Preventing registered users from sharing passwords


Question

Below is a proposal for dealing with a situation of website security. I am wondering whether it seems feasible, from both a technical and usability point of view. I want to make sure that the proposal does not contain any glaring errors.

A. The website

The website in question is a school website where students may purchase various items. These students get an account on the website with a username and password, which they can use to log in. Once they log in, they have access to protected pages with private content which are unavailable to the public at large.

B. The security problem

The owners of the website wish to prevent a situation where a single student signs up on the website, obtains a username and password, and then circulates those credentials to a circle of friends who are then able to log in to the website and illegally view the private content.

C. The solution

The central idea we have come up with to deal with this security problem is to permit each student to log in to the website on two devices only. Once a student logs in on two different devices, they are restricted to those two devices. If they then attempt to log in on a third device, the system would simply not permit them to do so. It is our understanding that other websites offering private content, such as Netflix, use such an approach.

D. Implementation

Two ideas come to mind to implement the above security measure: a. IP address. b. Cookies. We rule out IP addresses, which can change, and choose cookies. Websites such as amazon.com allow their customers to log in once, and then whenever they return to the website, they are always recognized. This is almost certainly achieved through cookies.

Thus each time a student logs in, we will store a cookie on their device. And we will also store this cookie in our database under that student's account. Thus each time a student logs in on any device, we will check whether the device they are currently logging in on contains the cookie we have stored for that student. If it does not, we will know that the student is logging in on a different device. We will thus be able to know how many devices the student is trying to log in on.

E. Drawbacks

We have identified at least three possible drawbacks to this approach:

  1. Clearing cookies. People may choose to clear the cookies on their computer for various reasons.
  2. Bona fide users may at times be unable to access their usual device and wish to log in on a different computer.
  3. People buy new devices from time to time.

These are examples of situations where a bona fide user, for legitimate reasons, wishes to log in, but will be unable to, due to the website's security restriction of two devices.

We have some ideas as to how to build logic into the system to deal with such situations, which we may implement in the future, but for the time being, we feel that such situations are sufficiently rare that we do not need to handle them programmatically.

Rather, for now, in the event that a student is locked out, they will get a screen with a message explaining why we have not allowed them into the system, and a button which they can click on which will automatically generate an email to the site administrators.

The email will inform them that a student wishes to log in on a third device. The administrators can then contact the student, and, if they are satisfied that the need is bona fide, they will be able to take steps from the CMS to allow that student in.

The size of the student body is sufficiently manageable that the above approach should be feasible.

F. Fair warning

We will inform the students of these security measures when their account is activated, in order to prevent unpleasant surprises.

Answer

This is a typical example of trying to fix a real-world policy problem via IT; in this case, forbidding students to share their credentials.

The solution you are proposing limits usability (for the reasons which you already listed under Drawbacks) and does not ensure security because cookies - and especially content - can be copied around. In short, it is feasible, but can easily be circumvented. It's up to you to decide whether it is worth implementing. It would probably be better to enforce the "no sharing credentials" rule, e.g. set up random checks and send any student caught violating the rule to the Dean.
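The device-binding scheme from section D of the question, together with the cookie-copying circumvention the answer points out, as an added example that is not part of the original question or answer. The class and method names (DeviceLimitedSite, login, admin_reset_devices, admin_inbox) and the sample account are assumptions chosen for illustration; password storage uses PBKDF2 from the standard library only so that the example runs stand-alone.

```python
"""Two-device limit enforced with a per-device cookie (added example, not the site's code)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

MAX_DEVICES = 2  # the proposal's limit


class DeviceLimitExceeded(Exception):
    """Raised when a valid user presents no known device cookie and every slot is used."""


@dataclass
class Account:
    username: str
    salt: bytes
    pw_hash: bytes
    # Server-side record of each device cookie, stored hashed so that a
    # database leak does not hand out directly usable cookies.
    device_tokens: Set[str] = field(default_factory=set)


def _hash_token(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


class DeviceLimitedSite:
    """Hypothetical server-side logic for the proposal in section D."""

    def __init__(self, max_devices: int = MAX_DEVICES) -> None:
        self.max_devices = max_devices
        self.accounts: Dict[str, Account] = {}
        # Stands in for the "email the administrators" button.
        self.admin_inbox: List[str] = []

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        self.accounts[username] = Account(username, salt, pw_hash)

    def _check_password(self, acct: Account, password: str) -> bool:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), acct.salt, 100_000)
        return hmac.compare_digest(candidate, acct.pw_hash)

    def login(self, username: str, password: str, device_cookie: Optional[str]) -> str:
        """Authenticate and return the device cookie the browser should keep.

        device_cookie is whatever the browser sent: None on a fresh device or
        after the user cleared cookies (drawback 1 in the question).
        """
        acct = self.accounts.get(username)
        if acct is None or not self._check_password(acct, password):
            raise PermissionError("bad username or password")

        # Known device: the presented cookie matches one we issued for this account.
        if device_cookie is not None and _hash_token(device_cookie) in acct.device_tokens:
            return device_cookie

        # Unknown device and no free slot: lock out and queue a request for the admins.
        if len(acct.device_tokens) >= self.max_devices:
            self.admin_inbox.append(username)
            raise DeviceLimitExceeded(f"{username} tried device #{self.max_devices + 1}")

        # Unknown device with a free slot: issue a fresh random cookie and remember it.
        token = secrets.token_urlsafe(32)
        acct.device_tokens.add(_hash_token(token))
        return token

    def admin_reset_devices(self, username: str) -> None:
        """What an administrator would do from the CMS after verifying the request."""
        self.accounts[username].device_tokens.clear()


def demo() -> Dict[str, bool]:
    """Walk through the proposal, then the circumvention the answer describes."""
    site = DeviceLimitedSite()
    site.register("alice", "correct horse")          # constructed sample account
    laptop = site.login("alice", "correct horse", None)   # device 1, no cookie yet
    phone = site.login("alice", "correct horse", None)    # device 2
    try:
        site.login("alice", "correct horse", None)         # device 3: should be blocked
        third_blocked = False
    except DeviceLimitExceeded:
        third_blocked = True
    # A friend is given the password AND a copy of the laptop's cookie value.
    # The server only sees a cookie it issued; it cannot tell which machine sent it.
    friend_accepted = site.login("alice", "correct horse", laptop) == laptop
    site.admin_reset_devices("alice")
    after_reset = site.login("alice", "correct horse", None)
    return {
        "distinct_cookies": laptop != phone,
        "third_device_blocked": third_blocked,
        "admin_notified": site.admin_inbox == ["alice"],
        "copied_cookie_accepted": friend_accepted,
        "login_after_reset": after_reset not in (laptop, phone),
    }
```

Setting HttpOnly and Secure on the real Set-Cookie header keeps scripts and plaintext networks away from the value, but does nothing against the account holder exporting it from their own browser, which is exactly the answer's objection: the check counts cookies the server has seen, not physical devices.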
