The Python Package Index (PyPI) has announced that, by the end of the year, every account that maintains a project on the index will be required to enable two-factor authentication (2FA).
PyPI is a software repository for Python programming language packages.
The index contains 200,000 packages, allowing developers to identify existing packages that meet specific project needs, saving time and effort.
The PyPI team said the decision to require 2FA for all accounts is part of its long-term commitment to strengthening platform security, and that it complements earlier steps such as blocking compromised credentials and enabling API tokens.
One advantage of 2FA protection is a reduced risk of supply chain attacks. These attacks occur when an intruder gains control of a software maintainer’s account and adds a backdoor or malware to a package that is used as a dependency in other software projects.
Depending on the popularity of the product, such attacks may affect millions of people. While developers are responsible for thoroughly vetting the building blocks of their projects, PyPI’s measures should make it easier to avoid this type of issue.
Furthermore, in recent months, the Python project repository has been plagued by frequent virus uploads, famou
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents