PyPI Repository mandates two-factor authentication for critical Python projects.
Python Package Index (PyPI) announced last week that it would be requiring 2FA for maintaining critical projects.
"We've begun rolling out a 2FA requirement: soon, maintainers of critical projects must have 2FA enabled to publish, update, or modify them," the Python Package Index said on Twitter.
PyPI added: "Any maintainer of a critical project (both 'Maintainers' and 'Owners') are included in the 2FA requirement."
The Python Software Foundation's PyPI hosts over 350,000 projects, including over 3,500 that are considered "critical."
Every project generating more than 1% of downloads over the previous six months is designated as critical, with this determination recalculated daily.
"This is a step towards improving the general security of the Python ecosystem for all PyPI users," PyPI said.
PyPI wants to improve the overall security of the Python ecosystem for all PyPI users by ensuring the most widely used projects have protection against account takeover.