Because of the growing number of cases in which the repositories of large projects are hijacked and malicious code is pushed through compromised developer accounts, GitHub is introducing enhanced account verification. Separately, mandatory two-factor authentication will be introduced early next year for the maintainers and administrators of the 500 most popular NPM packages.
From December 7, 2021 to January 4, 2022, all maintainers who have the right to publish NPM packages but do not use two-factor authentication will be switched to enhanced account verification. Enhanced verification requires entering a one-time code sent by email when trying to log in to the npmjs.com website or perform an authenticated operation in the npm utility.
Enhanced verification does not replace, but only supplements, the previously available optional two-factor authentication, which requires confirmation using time-based one-time passwords (TOTP). When two-factor authentication is enabled, the enhanced email verification is not applied. Starting February 1, 2022, the process of moving the maintainers of the 100 most popular NPM packages, those with the largest number of dependents, to mandatory two-factor authentication will begin. After the migration of the first hundred is complete, the change will be extended to the 500 most popular NPM packages by number of dependents.
In addition to the currently available two-factor authentication scheme based on applications that generate one-time passwords (Authy, Google Authenticator, FreeOTP, etc.), in April 2022 they plan to add the ability to use hardware keys and biometric scanners that support the WebAuthn protocol, as well as the ability to register and manage additional authentication factors.
Recall that, according to a study conducted in 2020, only 9.27% of package maintainers use two-factor authentication to protect access, and in 13.37% of cases, when registering new accounts, developers tried to reuse passwords that had appeared in known password leaks. During a password security review, 12% of NPM accounts (13% of packages) were accessed because of the use of predictable and trivial passwords such as "123456". Among the problematic accounts were 4 user accounts from the top 20 most popular packages, 13 accounts with packages downloaded more than 50 million times per month, 40 with more than 10 million downloads per month, and 282 with more than 1 million downloads per month. Taking into account the loading of modules along the dependency chain, the compromise of the unreliable accounts could affect up to 52% of all modules in NPM.
Source: opennet.ru