Thursday, December 1, 2022

PyPI Mandate 2FA, Schedule Google Titan Key Giveaway

As part of the campaign to make two-factor authentication mandatory for mission-critical projects, the Python Package Index will distribute 4,000 Google Titan security keys to developers.

PyPI, the largest package manager for Python libraries and software components, has decided to make two-factor authentication mandatory for maintainers of “critical” Python projects. Two-factor authentication must be enabled for developers to publish, update, or modify their projects. This requirement would protect developers from account takeovers resulting from stolen credentials. There have been many instances of supply chain attacks where attackers have taken over code repositories and hijacked software libraries and modules hosted on popular package managers.

The “critical” designation is given to any PyPI project representing the top 1% of downloads in the last six months. According to the dashboard published by PyPI, more than 3,800 PyPI projects and 8,200 user accounts have been identified as critical. There are currently 28,336 users who have voluntarily enabled two-factor authentication.


“Ensuring that the most widely used projects have these account takeover protections is one step towards our broader efforts to improve the general security of the Python ecosystem for all PyPI users,” PyPI's directors said in the announcement.

The decision to mandate two-factor authentication is an attempt to improve the supply chain security of the Python ecosystem and echoes a similar decision by GitHub to mandate two-factor authentication earlier this year. Recognizing that attackers are increasingly targeting libraries on npm, the JavaScript equivalent of PyPI, GitHub automatically enrolled maintainers of the top 100 npm packages in two-factor authentication in February.
