Ka lebaka la linyeoe tse ntseng li eketseha tsa polokelo ea merero e meholo e ntseng e koeteloa le khoutu e mpe e ntseng e khothaletsoa ka ho sekisetsa liak'haonte tsa nts'etsopele, GitHub e hlahisa netefatso e atolositsoeng ea ak'haonte. Ka thoko, netefatso ea lintlha tse peli e tla hlahisoa bakeng sa bahlokomeli le batsamaisi ba liphutheloana tse 500 tse tsebahalang haholo tsa NPM mathoasong a selemo se tlang.
Ho tloha ka la 7 Tšitoe 2021 ho isa la 4 Pherekhong 2022, bahlokomeli bohle ba nang le tokelo ea ho phatlalatsa liphutheloana tsa NPM, empa ba sa sebelise netefatso ea lintlha tse peli, ba tla fetoleloa ho sebelisa netefatso ea ak'haonte e atolositsoeng. Netefatso e tsoetseng pele e hloka ho kenya khoutu ea nako e le 'ngoe e rometsoeng ka lengolo-tsoibila ha u leka ho kena webosaeteng ea npmjs.com kapa ho etsa ts'ebetso e netefalitsoeng ts'ebelisong ea npm.
Netefatso e ntlafalitsoeng ha e nke sebaka, empa e tlatselletsa feela netefatso ea lintlha tse peli e neng e fumaneha pele, e hlokang netefatso e sebelisang li-password tsa nako e le 'ngoe (TOTP). Ha netefatso ea lintlha tse peli e lumelletsoe, netefatso ea lengolo-tsoibila ha e sebelisoe. Ho qala ka la 1 Pherekhong 2022, ts'ebetso ea ho fetohela ho netefatso ea lintlha tse peli e tla qala bakeng sa bahlokomeli ba liphutheloana tse 100 tse tsebahalang haholo tsa NPM tse nang le palo e kholo ea batho ba itšetlehileng ka eona. Kamora ho qeta ho falla ha makholo a pele, phetoho e tla abeloa liphutheloana tse 500 tse tsebahalang haholo tsa NPM ka palo ea batho ba itšetlehileng ka eona.
Ntle le morero oa netefatso oa lintlha tse peli o fumanehang hajoale o ipapisitse le lits'ebetso tsa ho hlahisa li-password tsa nako e le 'ngoe (Authy, Google Authenticator, FreeOTP, joalo-joalo), ka Mmesa 2022 ba rera ho eketsa bokhoni ba ho sebelisa linotlolo tsa Hardware le li-scanner tsa biometric, eo ho nang le ts'ehetso bakeng sa protocol ea WebAuthn, hape le bokhoni ba ho ngolisa le ho laola lintlha tse ling tse fapaneng tsa netefatso.
Ha re hopole hore, ho latela phuputso e entsoeng ka 2020, ke 9.27% feela ea bahlokomeli ba liphutheloana ba sebelisang netefatso ea lintlha tse peli ho sireletsa phihlello, mme maemong a 13.37%, ha ba ngolisa li-account tse ncha, bahlahisi ba lekile ho sebelisa li-password tse senyehileng tse hlahang ho ho dutla ha password ho tsejwang. Nakong ea tlhahlobo ea ts'ireletso ea li-password, 12% ea li-account tsa NPM (13% ea liphutheloana) li ile tsa fihleloa ka lebaka la ts'ebeliso ea li-password tse sa lebelloang le tse sa reng letho joalo ka "123456." Har'a tse neng li le bothata e ne e le li-account tse 4 tsa basebelisi tse tsoang ho liphutheloana tse 20 tse tsebahalang haholo, li-account tse 13 tse nang le liphutheloana tse jarollotsoeng makhetlo a fetang limilione tse 50 ka khoeli, tse 40 tse jarollotsoeng tse fetang limilione tse 10 ka khoeli, le tse 282 tse jarollotsoeng tse fetang limilione tse 1 ka khoeli. Ha ho nahanoa ka ho kengoa ha li-module ho latela letoto la litšepeho, ho sekisetsa liak'haonte tse sa tšepahaleng ho ka ama ho fihla ho 52% ea li-module tsohle tsa NPM.
Source: opennet.ru