PyPI Repository Makes 2FA Security Mandatory for Critical Python Projects
The maintainers of the official third-party software repository for Python have begun imposing a new two-factor authentication condition for projects deemed "Critical."
"We've begun rolling out a 2FA requirement: soon, maintainers of critical projects must have 2FA enabled to publish, update, or modify them," Python Package Index said in a tweet last week.
"Any maintainer of a critical project are included in the 2FA requirement," it added.
The developers of critical projects who have not previously turned on 2FA on PyPI are being offered free hardware security keys from the Google Open Source Security Team.
PyPI, which is run by the Python Software Foundation, houses more than 350,000 projects, of which over 3,500 are said to be tagged with a "Critical" designation.
"Ensuring that the most widely used projects have these protections against account takeover is one step towards our wider efforts to improve the general security of the Python ecosystem for all PyPI users," PyPI said.
News URL
https://thehackernews.com/2022/07/pypi-repository-makes-2af-security.html