Enhanced 2FA experience for your npm account
Late last year, in response to an unprecedented series of account takeovers resulting from the compromise of developer accounts without 2FA enabled, we committed to a variety of enhancements to…
Late last year, in response to an unprecedented series of account takeovers resulting from the compromise of developer accounts without 2FA enabled, we committed to a variety of enhancements to the npm registry to make two-factor authentication (2FA) adoption easier for developers. Today, we are launching a public beta for a significantly improved 2FA experience to all npm accounts, including:
-
- Support for registering multiple second factors, such as security keys, biometric devices, and authentication applications
- A new 2FA configuration menu to manage keys and recovery codes
- Full CLI support for login and publish capabilities with physical security keys and biometric devices
- Ability to view and regenerate recovery codes
On February 1, we enrolled all maintainers of the top-100 npm packages into mandatory 2FA. On May 31, we will enroll the next cohort in mandatory 2FA—maintainers of the top-500 packages. The final cohort will be high-impact maintainers of packages with more than one million weekly downloads or 500 dependents later this year.
Prior to enrolling all high-impact maintainers in 2FA, we will:
- Streamline the process of logging in and publishing with WebAuthn
- Improve the account recovery process, including more secure forms of identity verification
To learn more about configuring 2FA, see Configuring two-factor authentication.
To learn more about 2FA in general, see About two-factor authentication.
For questions and comments, open a discussion in our feedback repository.
Tags:
Written by
Related posts
How researchers are using GitHub Innovation Graph data to estimate the impact of ChatGPT
An interview with economic researchers who are applying causal inference techniques to analyze the effect of generative AI tools on software development activity.
GitHub Availability Report: June 2024
In June, we experienced two incidents that resulted in degraded performance across GitHub services.
Advancing responsible practices for open source AI
Outcomes from the Partnership on AI and GitHub workshop.