Nekuda kwekuwedzera kuri kuita nyaya dzekuchengetera mapurojekiti makuru ari kubiwa uye kodhi ine hutsinye ichisimudzirwa kuburikidza nekukanganisika kwemaakaunti evagadziri, GitHub iri kuunza yakapararira yakawedzera kusimbiswa kweakaundi. Zvakaparadzana, zvinosungirwa-zviviri-zvinhu kuvimbiswa zvichaunzwa kune vanochengeta uye vatariri ve500 inonyanya kufarirwa NPM mapakeji kutanga kwegore rinouya.
Kubva muna Zvita 7, 2021 kusvika Ndira 4, 2022, vese vanochengeta vane kodzero yekuburitsa NPM mapakeji, asi vasingashandisi-zvinhu zviviri-zvimisikidzo, vachachinjirwa kushandisa yakawedzera account verification. Kuongorora kwepamberi kunoda kuisa kodhi yenguva imwe chete inotumirwa neemail paunenge uchiedza kupinda muwebhusaiti npmjs.com kana kuita oparesheni yakatendeseka mune npm utility.
Kusimbiswa kwakasimbiswa hakutsivi, asi kunongozadzisa chete, iyo yaimbove iripo sarudzo mbiri-factor authentication, iyo inoda kusimbiswa uchishandisa imwe-nguva passwords (TOTP). Kana mbiri-yechokwadi yechinhu ichigoneswa, yakawedzerwa email verification haishandiswe. Kutanga Kukadzi 1, 2022, maitiro ekuchinja kune anosungirwa maviri-chinhu chechokwadi achatanga kune vanochengetedza zana anozivikanwa kwazvo NPM mapakeji ane huwandu hukuru hwekutsamira. Mushure mekupedza kutama kwezana rekutanga, shanduko ichagoverwa kune mazana mashanu anozivikanwa zvikuru eNPM mapakeji nehuwandu hwekutsamira.
Pamusoro peiyo iripo-mbiri-chinhu chechokwadi chirongwa chakavakirwa pamashandisirwo ekugadzira mapassword enguva imwe chete (Authy, Google Authenticator, FreeOTP, nezvimwewo), muna Kubvumbi 2022 vanoronga kuwedzera kugona kushandisa makiyi ehardware uye biometric scanner, iyo kune tsigiro yeWebAuthn protocol, uye zvakare kugona kunyoresa uye kubata akasiyana ekuwedzera echokwadi zvinhu.
Ngatiyeukei kuti, maererano neongororo yakaitwa muna 2020, 9.27% ββchete yevagadziri vepasuru vanoshandisa maviri-factor authentication kuchengetedza kupinda, uye mu13.37% yezviitiko, pakunyoresa maakaundi matsva, vagadziri vakaedza kushandisa zvakare mapassword akakanganiswa akaonekwa mukati. inozivikanwa password inobuda. Munguva yekuongorora kuchengetedza password, 12% yeNPM maakaunti (13% yemapakeji) yakawanikwa nekuda kwekushandiswa kweanofungidzira uye mashoma mapassword akadai se "123456." Pakati pezvainetsa paiva nemaakaundi mana emushandisi kubva kuPamusoro makumi maviri anonyanya kufarirwa mapakeji, gumi nematatu maakaundi ane mapakeji akatorwa kanopfuura mamirioni makumi mashanu pamwedzi, makumi mana aine anopfuura mamirioni gumi ekudhawunirodha pamwedzi, uye makumi maviri nemasere ane anopfuura miriyoni imwe yekurodha pamwedzi. Tichifunga nezve kurodha kwemamodule pamwe neketani yekutsamira, kukanganisa kwemaakaundi asina kuvimbika kunogona kukanganisa kusvika 4% yemamodule ese muNPM.
Source: opennet.ru