PyPI Repository Makes 2FA Security Mandatory for Critical Python Projects
The maintainers of the official third-party software repository for Python have begun imposing a new two-factor authentication condition for projects deemed "Critical."
"We've begun rolling out a 2FA requirement: soon, maintainers of critical projects must have 2FA enabled to publish, update, or modify them," Python Package Index said in a tweet last week.
"Any maintainer of a critical project are included in the 2FA requirement," it added.
Developers of critical projects who have not previously turned on 2FA on PyPI are being offered free hardware security keys from the Google Open Source Security Team.
PyPI, which is run by the Python Software Foundation, houses more than 350,000 projects, of which over 3,500 projects are said to be tagged with a "Critical" designation.
"Ensuring that the most widely used projects have these protections against account takeover is one step towards our wider efforts to improve the general security of the Python ecosystem for all PyPI users," PyPI said.
News URL
https://thehackernews.com/2022/07/pypi-repository-makes-2af-security.html