Wednesday, February 8, 2023
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory
  • Login
  • Register
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • How-Tos
    • Troubleshooting
No Result
View All Result
Cloud7 News
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • How-Tos
    • Troubleshooting
No Result
View All Result
Cloud7 News
No Result
View All Result

Home > Cybersecurity > PyPI is going to mandate 2FA for critical Python projects

PyPI is going to mandate 2FA for critical Python projects

PyPI announced that it will apply a two-factor authentication (2FA) requirement for critical projects. It will become effective in the coming months.


Hanife Diktas Hanife Diktas
July 11, 2022
3 min read
PyPI is going to mandate 2FA for critical Python projects
  • The Python Package Index, aka PyPI, is a third-party software repository that helps Python developers to find and install software developed with the Python programming language.
  • According to PyPI, any project in the top 1% of downloads over the prior six months is considered critical. PyPI is now enforcing 2FA requirements for projects considered critical.
  • The Google Open Source security team is providing free hardware security keys to developers of crucial projects who have not yet enabled 2FA on PyPI.

The Python Package Index (PyPI) is a repository of third-party open-source projects for the Python programming language. PyPI helps users find and install software developed by the Python community. The Python Package Index revealed a new plan on its webpage, for making two-factor authentication requirements mandatory for maintainers of “critical” projects.

2FA will be mandatory

PyPI has started enforcing a new two-factor authentication (2FA) requirement for projects considered critical. According to PyPI, any project in the top 1% of downloads over the prior 6 months is considered critical. And any maintainer of a critical project (both maintainers and owners) is required to implement the 2FA authorization. There are more than 350K projects on PyPI, and over 3,500 projects are accounted for as a critical designation. This determination is recalculated daily by PyPI.

We’ve begun rolling out a 2FA requirement: soon, maintainers of critical projects must have 2FA enabled to publish, update, or modify them.

To ensure that these maintainers can use strong 2FA methods, we're also distributing 4000 hardware security keys!https://t.co/gcCNWSqBcU

— Python Package Index (@pypi) July 8, 2022

The developers of critical projects who have not previously turned on 2FA on PyPI are being offered free hardware security keys from the Google Open Source security team. Furthermore, to ensure the maintainers use 2FA, PyPI will distribute a total of 4000 hardware security keys. The users who are eligible to receive security keys must be maintainers of critical projects who have not previously enabled 2FA on PyPI and can ship their keys to an eligible region, which are:

  • Austria
  • Belgium
  • Canada
  • France
  • Germany
  • Italy
  • Japan
  • Spain
  • Switzerland
  • United Kingdom
  • United States

If a maintainer of a critical project is not in an eligible country and needs to enable 2FA, there are two options: Independently purchase a FIDO U2F security key from a security key vendor that is available in the region, such as Yubikey or Thetis. Alternatively, it will enable 2FA via a TOTP application instead. 

The 2FA enforcement comes after several security breaches targeting the open-source repositories in recent months. Last year, popular npm developer accounts were hijacked to insert malicious code into highly used packages “ua-parser-js“, “coa“, and “rc“. After the incident, npm’s parent company GitHub, has taken steps to strengthen the login security by entailing 2FA for maintainers and admins.

See more Cybersecurity News


Tags: Python
Hanife Diktas

Hanife Diktas

Hanife Diktas is a news editor at Cloud7 News. Hanife started her career in the manufacturing sector in the marketing and sales department. Hanife worked in industrial equipment, renewable energy, and technology sectors. Hanife Diktas did her bachelor's degree in business administration and completed a master's degree in management at Yeditepe University in Istanbul, Turkey. Hanife is a Linux user, and she also contributed to AlmaLinux OS at the beginning of the project. Hanife focuses on web hosting, cloud computing, data centers, cybersecurity, Linux OS, and virtualization technologies. Hanife enjoys creating content and shooting videos covering these topics.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Next Post
Omdia: Sustainability ranks top on data center operators’ agendas

Omdia: Sustainability ranks top on data center operators’ agendas

Related News

New local privilege escalation vulnerability strikes X.Org server

New local privilege escalation vulnerability strikes X.Org server

February 7, 2023 9:45 pm
Red Hat brings new security capabilities to Red Hat OpenShift

Red Hat brings new security capabilities to Red Hat OpenShift

February 7, 2023 8:55 pm
Cisco fixes command injection vulnerability

Cisco fixes command injection vulnerability

February 6, 2023 5:00 pm
Fortra's GoAnywhere managed file transfer is under attack

Fortra’s GoAnywhere managed file transfer is under attack

February 6, 2023 4:00 pm
Get free daily newsletters from Cloud7 News Get the Cloud7 Newsletter
Select list(s):

Check your inbox or spam folder to confirm your subscription.

By subscribing, you agree to our
Copyright Policy and Privacy Policy

Get the free newsletter

Subscribe to receive the latest IT business updates straight to your inbox.

Select list(s):

Check your inbox or spam folder to confirm your subscription.

Editor's Choice

What’s new in Linux kernel 6.2 rc6?

10 Best Web Hosting Services of 2023

Ubuntu 22.04 LTS is available for download. What is new?

CERN and Fermilab recommend AlmaLinux

7 best hosting control panels of 2023

How to update Linux Kernel without rebooting?

7 best Linux mail servers of 2023

7 best cPanel alternatives for 2023

7 best Linux web browsers for 2023

7 best CentOS alternatives

7 best Linux server distros of 2023

Interview with Igor Seletskiy on AlmaLinux

How to create a VM on VMware Workstation

Recent News

  • New local privilege escalation vulnerability strikes X.Org server
  • Red Hat brings new security capabilities to Red Hat OpenShift
  • With BuddyPress 12.0, BP Rewrites will support backward compatibility
  • Dell to lay off 6,650 employees
  • Canonical joins the Academy Software Foundation

Cloud7 News
Cloud7 is a news source that publishes the latest news, reviews, comparisons, opinions, and exclusive interviews to help tech users of high-experience levels in the IT industry.

EXPLORE

  • Web Hosting
  • Cloud Computing
  • Data Center
  • Cybersecurity
  • Linux
  • Network/Internet
  • Software
  • Hardware
  • How-Tos
  • Troubleshooting

RESOURCES

  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

Get the Cloud7 Newsletter

Get FREE daily newsletters from Cloud7 delivering the latest news and reviews.

  • About
  • Privacy & Policy
  • Copyright Policy
  • Contact

© 2023, Cloud7 News. All rights reserved.

No Result
View All Result
  • Cloud Computing
  • Web Hosting
  • Data Center
  • Linux
  • Cybersecurity
  • More
    • Network/Internet
    • Windows
    • Software
    • Hardware
    • Blockchain
    • Policy/Legislation
    • How-Tos
    • Troubleshooting
  • Events
  • Interviews
  • Jobs
  • Opinion
  • Whitepapers
  • Glossary
  • Community Forum
  • Web Hosting Directory

© 2023, Cloud7 News. All rights reserved.

Welcome Back!

Sign In with Facebook
Sign In with Google
Sign In with Linked In
OR

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Sign Up with Facebook
Sign Up with Google
Sign Up with Linked In
OR

Fill the forms below to register

*By registering into our website, you agree to the Terms & Conditions and Privacy Policy.
All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.