PyPI Mandates 2FA, Plans Google Titan Key Giveaway

Published: 23/11/2024   Category: security




Python's most popular package manager is intent on securing the supply chain by requiring developers to enable two-factor authentication.



As part of the push to mandate two-factor authentication for critical projects, the Python Package Index will distribute 4,000 Google Titan security keys to developers.
PyPI, the largest package manager for Python libraries and software components, has decided to mandate two-factor authentication for maintainers of critical Python projects. Two-factor authentication must be enabled for developers to be able to publish, update, or modify their projects. This requirement would protect developers from account takeovers as a result of stolen credentials. There have been numerous instances of supply chain attacks where attackers took over code repositories and hijacked software libraries and modules hosted on popular package managers.
The critical designation is assigned to any PyPI project accounting for the top 1% of downloads over the past six months. According to the dashboard published by PyPI, over 3,800 PyPI projects and 8,200 user accounts have been identified as critical. There are currently 28,336 users who have voluntarily enabled two-factor authentication.
"Ensuring that the most widely used projects have these protections against account takeover is one step towards our wider efforts to improve the general security of the Python ecosystem for all PyPI users," PyPI's administrators announced.
The decision to mandate two-factor authentication is an attempt to improve the supply chain security of the Python ecosystem and echoes a similar decision by GitHub to mandate two-factor authentication earlier this year. Recognizing that attackers are increasingly targeting libraries on npm, PyPI's JavaScript equivalent, GitHub auto-enrolled maintainers of the top 100 npm packages with two-factor authentication back in February.
