I-GitHub imemezele ukuthi amakhosombe e-NPM anika amandla ukuqinisekiswa kwezinto ezimbili kumaphakheji ayi-100 NPM afakwe njengokuncika enanini elikhulu lamaphakheji. Abanakekeli balawa maphakheji manje bazokwazi ukwenza imisebenzi yenqolobane eqinisekisiwe kuphela ngemva kokunika amandla ukuqinisekiswa kwezinto ezimbili, okudinga ukuqinisekiswa kokungena kusetshenziswa amaphasiwedi esikhathi esisodwa (TOTP) akhiqizwe izinhlelo zokusebenza ezifana ne-Authy, i-Google Authenticator ne-FreeOTP. Esikhathini esizayo esiseduze, ngaphezu kwe-TOTP, bahlela ukungeza ikhono lokusebenzisa okhiye behadiwe nezikena ze-biometric ezisekela iphrothokholi ye-WebAuth.
NgoMashi 1, kuhlelwe ukudlulisa wonke ama-akhawunti e-NPM angenakho ukuqinisekiswa kwezinto ezimbili okuvunyelwe ukusebenzisa ukuqinisekiswa kwe-akhawunti okwandisiwe, okudinga ukufaka ikhodi yesikhathi esisodwa ethunyelwe nge-imeyili uma uzama ukungena ku-npmjs.com noma wenze ukuqinisekiswa ukusebenza kuhlelo lokusebenza lwe-npm. Uma ukuqinisekiswa kwezinto ezimbili kunikwe amandla, ukuqinisekiswa okunwetshiwe kwe-imeyili akusetshenziswa. Ngomhlaka-16 no-13 Februwari, ukwethulwa kwesivivinyo kwesikhashana kokuqinisekisa okunwetshiwe kwawo wonke ama-akhawunti kuzokwenziwa usuku.
Masikhumbule ukuthi ngokocwaningo olwenziwa ngo-2020, bangama-9.27% kuphela abagcini bephakheji abasebenzisa ukuqinisekiswa kwezinto ezimbili ukuze bavikele ukufinyelela, futhi ku-13.37% yamacala, lapho kubhaliswa ama-akhawunti amasha, abathuthukisi bazama ukusebenzisa kabusha ama-password onakalisiwe avele endaweni eyaziwayo. ukuvuza kwephasiwedi. Ngesikhathi sokubuyekezwa kwezokuphepha kwephasiwedi, u-12% wama-akhawunti we-NPM (13% wamaphakeji) afinyelelwe ngenxa yokusetshenziswa kwamagama ayimfihlo abikezelwayo nangasho lutho njengokuthi “123456.” Phakathi kwezinkinga kwakukhona ama-akhawunti abasebenzisi angu-4 avela kumaphakheji aziwa kakhulu angu-20, ama-akhawunti angu-13 anamaphakheji alandwe izikhathi ezingaphezu kwezigidi ezingu-50 ngenyanga, angu-40 ngokulandwa okungaphezu kwezigidi ezingu-10 ngenyanga, kanti angu-282 ngokulanda okungaphezu kwesigidi esisodwa ngenyanga. Uma kucatshangelwa ukulayishwa kwamamojula ochungechungeni lokuncika, ukuthotshiswa kwama-akhawunti angathembekile kungase kuthinte kufike ku-1% wawo wonke amamojula ku-NPM.
Source: opennet.ru