Chifukwa chakuchulukirachulukira kwa nkhokwe zama projekiti akuluakulu omwe akubedwa komanso ma code oyipa omwe akulimbikitsidwa chifukwa cha kunyengerera kwamaakaunti omanga, GitHub ikubweretsa kutsimikizika kofalikira kwa akaunti. Payokha, kutsimikizika kwazinthu ziwiri kudzayambitsidwa kwa oyang'anira ndi oyang'anira mapaketi 500 otchuka a NPM koyambirira kwa chaka chamawa.
Kuyambira pa Disembala 7, 2021 mpaka Januware 4, 2022, osamalira onse omwe ali ndi ufulu wofalitsa mapaketi a NPM, koma osagwiritsa ntchito kutsimikizika kwazinthu ziwiri, adzasinthidwa kugwiritsa ntchito kutsimikizira kwa akaunti yayitali. Chitsimikizo chapamwamba chimafunika kulowetsa nambala yanthawi imodzi yotumizidwa ndi imelo mukayesa kulowa patsamba la npmjs.com kapena kuchita ntchito yotsimikizika muzothandizira za npm.
Kutsimikizira kokwezedwa sikulowa m'malo, koma kumangowonjezera, kutsimikizika kwazinthu ziwiri komwe kunalipo kale, komwe kumafunikira kutsimikiziridwa pogwiritsa ntchito mawu achinsinsi anthawi imodzi (TOTP). Kutsimikizira kwazinthu ziwiri kuyatsa, kutsimikiziranso kwa imelo sikugwiritsidwa ntchito. Kuyambira pa February 1, 2022, njira yosinthira kutsimikizika kwazinthu ziwiri kudzayamba kwa osamalira mapaketi 100 otchuka a NPM okhala ndi chiwerengero chachikulu chodalira. Pambuyo pomaliza kusamuka kwa zana loyamba, kusinthaku kudzagawidwa kumapaketi 500 otchuka kwambiri a NPM ndi chiwerengero cha odalira.
Kuphatikiza pa chiwembu chotsimikizika chazinthu ziwiri chomwe chilipo pakali pano kutengera ntchito zopangira mapasiwedi anthawi imodzi (Authy, Google Authenticator, FreeOTP, ndi zina), mu Epulo 2022 akukonzekera kuwonjezera kuthekera kogwiritsa ntchito makiyi a Hardware ndi scanner biometric, chomwe chili ndi chithandizo cha protocol ya WebAuthn, komanso kuthekera kolembetsa ndi kuyang'anira zinthu zina zowonjezera zotsimikizira.
Tikumbukire kuti, malinga ndi kafukufuku yemwe adachitika mu 2020, 9.27% ββyokha ya omwe amasunga phukusi amagwiritsa ntchito kutsimikizika kwazinthu ziwiri kuti ateteze mwayi, ndipo mu 13.37% yamilandu, polembetsa maakaunti atsopano, opanga adayesa kugwiritsanso ntchito mapasiwedi omwe adasokonezedwa. kutayikira achinsinsi odziwika. Pakuwunika kwachitetezo chachinsinsi, 12% ya maakaunti a NPM (13% yamaphukusi) adafikiridwa chifukwa chogwiritsa ntchito mawu achinsinsi odziwika bwino monga "123456." Zina mwazovuta zinali maakaunti 4 a ogwiritsa ntchito pamapaketi 20 otchuka kwambiri, maakaunti 13 okhala ndi mapaketi amatsitsidwa nthawi zopitilira 50 miliyoni pamwezi, 40 ndikutsitsa kopitilira 10 miliyoni pamwezi, ndi 282 ndikutsitsa kopitilira 1 miliyoni pamwezi. Poganizira kutsitsa kwa ma module motsatira unyinji wodalira, kunyengerera kwa maakaunti osadalirika kumatha kukhudza mpaka 52% ya ma module onse mu NPM.
Source: opennet.ru