I-GitHub ngoku iya kufuna bonke abasebenzisi abanikela ngekhowudi ukuba basebenzise i-FA2 ekupheleni kuka-2023

Logo yeGitHub

Iinyanga eziliqela ngoku siye sagqabaza ngeempapasho eziliqela into esiyenzayo nge piingxaki zokhuseleko eziye zavela kwi-GitHub kwaye malunga nemilinganiselo ababecebe ukuyidibanisa eqongeni ukuze bakwazi ukuchasana nomlinganiselo omkhulu wezithuba zokhuseleko abaduni basebenzise ithuba lokufikelela kwiindawo zokugcina iiprojekthi.

Kwaye ngoku ngoku, I-GitHub idize ukuba iya kufuna ukuba bonke abasebenzisi abanikela ngekhowudi kwiqonga vumela uhlobo olunye okanye ngaphezulu koqinisekiso lwezinto ezimbini (2FA).

"I-GitHub ikwimeko ekhethekileyo apha, ngenxa yokuba uninzi loluntu oluvulelekileyo kunye nabadali bahlala kwi-GitHub.com, sinokwenza impembelelo entle kukhuseleko lwenkqubo yendalo yehlabathi ngokunyusa umgangatho wolwazi lococeko. ,” utshilo uMike Hanley, igosa eliyintloko lezokhuseleko laseGitHub (CSO). “Sikholelwa ukuba olu lolona ncedo lubalaseleyo lwenkqubo yendalo esinokuthi siyinike, kwaye sizimisele ekuqinisekiseni ukuba nayiphi na imiceli mngeni okanye imiqobo iyoyiswa ukuze siqinisekise ukwamkelwa okunempumelelo. »

I-GitHub ibhengeze ukuba bonke abasebenzisi abafaka ikhowudi kwisayithi baya kufuna ukwenza enye okanye ngaphezulu iifom ezimbini zokuqinisekiswa kwezinto ezimbini (2FA) ekupheleni kwe-2023 ukuze uqhubeke usebenzisa iqonga.

Umgaqo-nkqubo omtsha wabhengezwa kwiposti yebhlog  nguGitHub iGosa eliyiNtloko yoKhuseleko (CSO) uMike Hanley, owaqaqambisa indima yeqonga lobunikazi leMicrosoft ekukhuseleni imfezeko yenkqubo yophuhliso lwesoftware kwizoyikiso ezenziwe ngabadlali abakhohlakeleyo abathatha ulawulo. yeeakhawunti zomphuhlisi.

Ewe kunjalo, amava omsebenzisi ophuhlisi athathelwa ingqalelo, kwaye uMike Hanley ugxininisa ukuba le mfuneko ayizukukulimaza:

“I-GitHub izibophelele ekuqinisekiseni ukuba ukhuseleko oluluqilima lweakhawunti aluzi ngeendleko zamava omphuhlisi omkhulu, kwaye injongo yethu yokuphela kuka-2023 isinika ithuba lokuyilungiselela loo nto. Njengoko imigangatho iguquka, siya kuqhubeka sijonga iindlela ezintsha zokuqinisekisa ngokukhuselekileyo abasebenzisi, kubandakanya ukuqinisekiswa okungenaphasiwedi. Abaphuhlisi kwihlabathi liphela banokujonga phambili ekuqinisekiseni ngakumbi kunye neenketho zokufumana kwakhona iakhawunti, ngokunjalo

Nangona ukuqinisekiswa kwezinto ezininzi kunika ukhuseleko olongezelelweyo kubalulekile kwiiakhawunti ze-intanethi, Uphando lwangaphakathi lweGitHub lubonisa ukuba kuphela i-16,5% yabasebenzisi abasebenzayo (malunga nenye kwezintandathu) ngoku vumela amanyathelo okhuseleko awandisiweyo kwiiakhawunti zabo, inani eliphantsi elimangalisayo linikwe ukuba iqonga elivela kwisiseko somsebenzisi kufuneka liqaphele ingozi yokukhusela i-password kuphela.

Ngokuyalela aba basebenzisi kumgangatho ophantsi ophakamileyo ukhuseleko lweakhawunti, GitHub lithemba ukomeleza ukhuseleko jikelele yophuhliso lwesoftware yoluntu lulonke.

“NgoNovemba ka-2021, iGitHub yazibophelela kutyalo-mali olutsha kukhuseleko lwe-akhawunti ye-npm kulandela ukufunyanwa kweepakethe ze-npm ngenxa yokuthotyelwa kweeakhawunti zomphuhlisi ngaphandle kwe-2FA. Siyaqhubeka ukwenza uphuculo kukhuseleko lwe-akhawunti ye-npm kwaye sizibophelele ekukhuseleni ii-akhawunti zomphuhlisi nge-GitHub.

"Uninzi lolwaphulo lokhuseleko aluyiyo imveliso yohlaselo olungaqhelekanga lweentsuku zero, kodwa endaweni yoko lubandakanya uhlaselo lwexabiso eliphantsi olufana nobunjineli bentlalontle, ubusela bokuvuza okanye ukuvuza, kunye nezinye iindlela ezinika abahlaseli uluhlu olubanzi lokufikelela kwiiakhawunti zamaxhoba kunye nezixhobo. basebenzisa. babe nokufikelela. Iiakhawunti ezithotyiweyo zingasetyenziselwa ukubiwa ikhowudi yabucala okanye ukwenza utshintsho olubi kulo khowudi. Oku akuvezi kuphela abantu kunye nemibutho ehambelana neeakhawunti ezithintekayo, kodwa nabo bonke abasebenzisi bekhowudi echaphazelekayo. Ngenxa yoko, ukubakho kwempembelelo esezantsi kwi-ecosystem yesoftware kunye nekhonkco lobonelelo likhulu.

Umfuniselo osele wenziwe ngeqhekeza leseti esezantsi yabasebenzisi beqonga leGitHub sele umisele umzekelo wokufuna ukusetyenziswa kwe-2FA kunye neseti encinci yabasebenzisi beqonga, emva kokuyivavanya kunye nabaxhasi kwiilayibrari ezidumileyo zeJavaScript ezisasazwe ngesoftware yolawulo lwephakheji ye-npm.

Kuba iiphakheji ze-npm ezisetyenziswa kakhulu zinokukhutshelwa izigidi zamaxesha ngeveki, ziyinto ekujoliswe kuyo enomtsalane kubasebenzisi be-malware. Kwezinye iimeko, abahlaseli baye baphazamisa ii-akhawunti zabaxhasi be-npm kwaye basebenzise ukukhulula uhlaziyo lwesofthiwe efakwe ngabaphangi beephasiwedi kunye nabavukuzi be-crypto.

Ukuphendula, i-GitHub yenze ukuqinisekiswa kwezinto ezimbini okunyanzelekileyo kubagcini beephakheji eziphezulu ze-100 npm ukususela ngoFebruwari 2022. Inkampani iceba ukwandisa iimfuno ezifanayo kubaxhasi beepakethe eziphezulu ze-500 ekupheleni kukaMeyi.

Ngokubanzi, oku kuthetha ukubeka umhla wokugqibela wokusebenzisa i-2FA yesinyanzelo kuyo yonke indawo kunye noyilo lweendlela zokuhamba ezihamba phambili zokuqhuba abasebenzisi ukuba bamkelwe kakuhle ngaphambi komhla wokugqibela ka-2024, utshilo uHanley.

Ukukhusela isoftware yomthombo ovulekileyo kuhlala kuyinkxalabo ecinezelayo kushishino lwesoftware, ngakumbi emva kokuba sesichengeni kwelog4j yalo nyaka uphelileyo. Kodwa ngelixa umgaqo-nkqubo omtsha we-GitHub uya kunciphisa ezinye izoyikiso, imingeni yenkqubo ihleli: Iiprojekthi ezininzi zesoftware evulekileyo zisagcinwa ngamavolontiya angahlawulwanga, kwaye ukuvala umsantsa wenkxaso-mali kubonwa njengomba omkhulu kushishino lwetekhnoloji lulonke.

Gqibela ukuba unomdla wokwazi okungakumbi ngayo, ungajonga iinkcukacha Kule khonkco ilandelayo.


Umxholo wenqaku uyabambelela kwimigaqo yethu imigaqo yokuziphatha yokuhlela. Ukuxela impazamo cofa apha.

Yiba ngowokuqala ukuphawula

Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa.

*

*

  1. Uxanduva lwedatha: UMiguel Ángel Gatón
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.