Technology
PyPI repo to distribute 4,000 security keys to maintainers of ‘critical projects’ in 2FA drive
Google is providing Titan Security Keys to maintainers of projects in top 1% of downloads.
The Python Package Index (PyPI) is rolling out two-factor authentication (2FA) for “critical projects” in the form of physical security keys.
Mindful of the growing threat to software supply chains, the repository is distributing 4,000 Titan Security Keys to qualifying maintainers, who can redeem a promo code for two free keys, either USB-C or USB-A.
The Google Open Source Security Team, a sponsor of the Python Software Foundation that maintains PyPI, has provided the keys.
All maintainers of critical projects will have to log into their accounts using the keys in addition to a password, a requirement that “will go into effect in the coming months”, according to an announcement on the PyPI website.
The top 1%
Projects are deemed ‘critical’ if they are among the top 1% of PyPI projects by numbers of downloads over the prior six months.
That means that around 3,500 of roughly 350,000 PyPI projects will qualify.
And “once the project has been designated as critical it retains that designation indefinitely”, said the Python Software Foundation.
Titan hardware keys are only approved for sale, and can therefore only be distributed to, Austria, Belgium, Canada, France, Germany, Italy, Japan, Spain, Switzerland, the UK, and the US.
Maintainers of critical projects in non-eligible regions can either independently purchase an alternative FIDO U2F security key such as Yubikey or Thetis, or enable 2FA via a TOTP application.
However, PyPI warned that “using security keys via WebAuthn is generally considered to be more secure than using TOTP-based authentication applications for 2FA”.
The move follows a similar commitment made by the RubyGems code repository last month that was applicable to maintainers of gems with more than 165 million downloads.
GitHub also announced last month that 2FA would be made mandatory for all code contributors by the end of next year, while NPM is initially making 2FA mandatory for its top 100 Node.js package maintainers, with a broader rollout already underway.
[Music] Chief Oyerigha Echo Toikumoh – The Earlier The Better
Enzo Maresca and Mikel Arteta stated they will not take Pep Guardiola’s place at Manchester City
Alan Shearer reckons Liverpool star is ‘not going to get better’
NECO examiners threaten nationwide protest over unpaid entitlements
Jonathan congratulates Trump on historic election win
Peter Obi can become president in 2027 — Yunusa Tanko
Dua Lipa forced to cancel show after ‘unforeseen safety issues’
Uzoamaka Onuoha wins Best Female Performance in a feature at AFRIFF 2024
‘Phoenix Fury’ bags Best Film award at the 13th edition of AFRIFF
Vivo begins teasing new Dimensity 9400 flagships internationally
Google Pixel 11 and Pixel 11 Pro may trade performance gains for longer battery life
Manchester United players warned ‘only one is safe’ under Ruben Amorim
Austin DeAnda given impromptu makeover after he is forced to have haircut in the middle of fight
IG orders punishment for errant cops
Be ready to recover stolen mandate — Ighodalo tells PDP
No part of Ogun will be ceded under my watch — Dapo Abiodun
Ruger calls out auto tune and hype culture in music
I hate to play same role repeatedly — Actress Bimbo Akintola
Fans split on Davido, Wizkid, and Burna Boy’s Grammy nominations
Samsung Galaxy S25 Slim: Leaker reveals launch details for Samsung’s rival iPhone 17 Air
Realme names first smartphone to get Android 15 beta worldwide
England interim manager tipped for surprise Premier League job
Hakim Ziyech mocks Israeli supporters attacked in Amsterdam
Court jails seven for internet fraud in Kaduna
Edo APC criticizes Obaseki’s last-minute appointments
Edo PDP announces caretaker committee
Tems makes history after securing 3 nominations for the 67th Grammys
Beyoncé surpasses Jay-Z to become the most nominated artist in Grammy history
Davido, Wizkid, Tems, Asake make 2025 Grammy nominations
2025 GRAMMY: Academy unveils category changes ahead of nomination event
[STORY] THE PASTOR’S DAUGHTER (Final Episode 13)
[STORY] THE PASTOR’S DAUGHTER (Episode 12)
[STORY] THE PASTOR’S DAUGHTER (Episode 11)
[STORY] THE PASTOR’S DAUGHTER (Episode 10)
[STORY] THE PASTOR’S DAUGHTER (Episode 09)
[STORY] THE PASTOR’S DAUGHTER (Episode 08)
[STORY] THE PASTOR’S DAUGHTER (Episode 07)
[STORY] THE PASTOR’S DAUGHTER (Episode 06)
[STORY] THE PASTOR’S DAUGHTER (Episode 05)
[STORY] THE PASTOR’S DAUGHTER (Episode 04)
-
Technology2 years agoVoIP Number: Everything You Need To Know
-
Music2 weeks ago[Music] Gnash Ft Olivia O’Brien – I Hate you, I Love you
-
Music2 weeks ago[INSTRUMENTAL] John Legend – All Of Me
-
Music3 weeks agoAlan Walker – Faded [INSTRUMENTAL]
-
Music2 weeks ago[Video] 21 Savage ft. Offset & Metro Boomin – Rap Saved Me
-
Music2 weeks ago[Instrumental] Wiz Khalifa – See You Again ft. Charlie Puth
-
ANE Stories3 months ago[STORY] AMAKA THE LESBIAN (Complete Episodes)
-
Music3 weeks ago[Music] Akon – Sorry Blame It On Me