Ma'ajiyar NPM ta ƙunshi tabbataccen abu biyu na wajibi don asusu masu kiyaye fakitin NPM 500 mafi mashahuri. An yi amfani da adadin fakitin dogaro azaman ma'aunin shahara. Masu kula da fakitin da aka jera za su iya yin ayyukan da ke da alaƙa da gyare-gyare a ma'ajiyar bayan sun ba da damar tantance abubuwa biyu, waɗanda ke buƙatar tabbatar da shiga ta amfani da kalmomin sirri na lokaci ɗaya (TOTP) waɗanda aikace-aikace kamar Authy, Google Authenticator da FreeOTP, ko hardware ke samarwa. maɓallai da na'urorin sikanin halittu, masu goyan bayan ka'idar WebAuth.
Wannan shi ne mataki na uku na karfafa kariyar NPM daga yin sulhu da asusu. Mataki na farko ya haɗa da canza duk asusun NPM waɗanda ba su da ingantattun abubuwa guda biyu da aka ba su damar amfani da ingantaccen tabbaci na asusu, wanda ke buƙatar shigar da lambar lokaci ɗaya da aka aiko ta imel lokacin ƙoƙarin shiga npmjs.com ko aiwatar da ingantaccen aiki a cikin npm. mai amfani. A kashi na biyu, an ba da izinin tabbatar da abubuwa biyu na tilas don fakiti 100 da suka fi shahara.
Bari mu tuna cewa bisa ga binciken da aka gudanar a cikin 2020, kawai 9.27% na masu kula da kunshin sun yi amfani da ingantattun abubuwa guda biyu don kare damar shiga, kuma a cikin 13.37% na lokuta, lokacin yin rajistar sabbin asusu, masu haɓakawa sun yi ƙoƙarin sake amfani da kalmomin sirri da suka bayyana a cikin sanannun. kalmar sirri na leaks. Yayin nazarin tsaron kalmar sirri, kashi 12% na asusun NPM (13% na fakiti) an sami isa ga amfani da kalmar sirri da ake iya tsinkaya da marasa mahimmanci kamar "123456." Daga cikin matsalolin akwai asusun masu amfani guda 4 daga manyan fakiti 20 mafi mashahuri, asusun 13 tare da fakiti da aka zazzage fiye da sau miliyan 50 a kowane wata, 40 tare da zazzagewa sama da miliyan 10 a kowane wata, da 282 tare da abubuwan zazzagewa sama da miliyan 1 kowane wata. Yin la'akari da lodin kayayyaki tare da jerin abubuwan dogaro, sasantawa na asusun da ba a amince da shi ba zai iya tasiri har zuwa 52% na duk kayayyaki a cikin NPM.
source: budenet.ru