Python Package Index (PyPI), the popular repository that hosts thousands of Python software packages, has just mandated the use of 2FA for all maintainer accounts.
The platform in it’s recent notice asked all it’s users to enable 2FA for their accounts and use their Trusted Publishers or API tokens to upload packages. This move is in line with the company’s long-term commitments to security enhancements to the platform.
2FA For All PyPI Accounts
To block supply chain attacks and secure all it’s users’ accounts better, PyPI is mandating the use of Two-Factor Authentication for all the accounts on it’s platform. This change is said to be obliged by the end of 2023 when users are recommended to use either a hardware security key or an Authentication app.
This move is in line with the company’s long-term commitment to enhancing the security of it’s platform: where it hosts over 200,000 Python packages. Developers of various kinds save time and effort by sourcing their Python needs from PyPI, every day.
The platform is already blocking compromised credentials to stop account takeovers, and implementing 2FA will further enhance it’s security. Also, the company asks users to use either their Trusted Publishers or API tokens to upload software repositories to PyPI.
This decision comes after the platform faced a bunch of adverse incidents like malware uploads, impersonation of famous packages and the re-submission of malicious code through hijacked accounts in recent months.
Thus, enabling a 2FA step would reduce these attacks and will also limit the number of package uploads from the new accounts of a suspended user.
Other Trending News:- News
