2FA enforcement on web services #47

fcollonval · 2023-07-20T08:48:25Z

fcollonval
Jul 20, 2023
Maintainer

For security reasons, it will be good to enforce 2FA on the web services; namely GitHub, PyPI and NPM.

Current status:

GitHub organization: 2FA is enforced
NPM: 2FA is not enforced but can be (some members don't have 2FA activated at this time)
PyPI: 2FA is not enforced and cannot be enforced (some members don't have 2FA activated at this time)

I concur with @krassowski (see comment) that we should enforce 2FA if possible.

I propose to contact the members that don't have 2FA activated on NPM and PyPI with a two-week notice before enforcing it on NPM.

cc @jupyterlab-contrib/members @bollwyvl @wolfv @zacharyrs

fcollonval · 2023-07-20T08:49:51Z

Small update, 2FA can be enforced on PyPI on a per project basis.

0 replies