Uvimba we-NPM ubandakanya ukuqinisekiswa kwezinto ezimbini ezinyanzelekileyo kwii-akhawunti ezigcina ama-500 eephakheji ze-NPM ezaziwa kakhulu. Inani leepakethe ezixhomekeke kuyo lisetyenziswe njengenqobo yokuthandwa. Abagcini beepakethe ezidwelisiweyo baya kukwazi ukwenza imisebenzi enxulumene nokuguqulwa kwindawo yokugcina kuphela emva kokwenza ukuqinisekiswa kwezinto ezimbini, efuna ukuqinisekiswa kokungena ngemvume usebenzisa i-passwords yexesha elinye (TOTP) eyenziwe zizicelo ezifana ne-Authy, i-Google Authenticator kunye ne-FreeOTP, okanye izitshixo zehardware kunye neskena sebhayometriki, exhasa iWebAuth protocol.
Eli linqanaba lesithathu lokomeleza ukhuseleko lwe-NPM ngokuchasene nokuthotywa kweakhawunti. Inqanaba lokuqala libandakanya ukuguqula zonke ii-akhawunti ze-NPM ezingenayo ukuqinisekiswa kwezinto ezimbini ezivunyelwe ukusebenzisa ukuqinisekiswa kwe-akhawunti ephezulu, efuna ukufaka ikhowudi yexesha elinye elithunyelwe nge-imeyile xa uzama ukungena kwi-npmjs.com okanye ukwenza umsebenzi oqinisekisiweyo kwi-npm. into eluncedo. Kwinqanaba lesibini, ukuqinisekiswa kwezinto ezimbini okunyanzelekileyo kuye kwavulwa kwiiphakheji ezili-100 ezithandwa kakhulu.
Masikhumbule ukuba ngokutsho kophononongo olwenziwe ngo-2020, kuphela yi-9.27% yabagcini bepakethe abasebenzisa ukuqinisekiswa kwezinto ezimbini ukukhusela ukufikelela, kwaye kwi-13.37% yamatyala, xa kubhaliswa iiakhawunti ezintsha, abaphuhlisi bazama ukuphinda basebenzise iipassword ezithotyiweyo ezivele kwindawo eyaziwayo. ukuvuza kwephasiwedi. Ngexesha lokuphononongwa kwe-password yokhuseleko, i-12% yeeakhawunti ze-NPM (i-13% yeepakethe) ziye zafikelelwa ngenxa yokusetyenziswa kwamagama ayimfihlo aqikelelwayo nangenamsebenzi anjenge-"123456." Phakathi kwezona ngxaki zaziyi-akhawunti yabasebenzisi aba-4 ukusuka kwiiphakheji ezidumileyo ezingama-20, iiakhawunti ezili-13 ezineephakheji ezikhutshelwe ngaphezulu kwezigidi ezingama-50 ngenyanga, ezingama-40 ezinokukhutshelwa okungaphezulu kwezigidi ezili-10 ngenyanga, kunye ne-282 enokukhutshelwa okungaphezulu kwesigidi esi-1 ngenyanga. Ukuthathela ingqalelo ukulayishwa kweemodyuli kunye nekhonkco lokuxhomekeka, ukuthotyelwa kweeakhawunti ezingathembekanga kunokuchaphazela ukuya kuthi ga kwi-52% yazo zonke iimodyuli ze-NPM.
umthombo: opennet.ru