"PyPI Enforces 2FA Authentication to Prevent Maintainers' Account Takeover"

The Python Package Index (PyPI), the official repository of third-party open source Python projects, will require two-factor authentication (2FA) for all project maintainers by the end of 2023. Supply chain attacks against the Python software repository have increased in the past few years, with threat actors pushing malware-containing versions of multiple packages. The repository's maintainers urge developers to enable 2FA on their accounts as soon as possible using a security device or an authentication app, and to transition to either Trusted Publishers or Application Programming Interface (API) tokens for uploading to PyPI. The maintainers emphasize that supply chain risk applies both to popular projects and to any compromised project that sits in someone's dependency tree. This article continues to discuss PyPI enforcing 2FA for all project maintainers by the end of the year due to security concerns.

Security Affairs reports "PyPI Enforces 2FA Authentication to Prevent Maintainers' Account Takeover"
