Python package index to import two-factor authentication to protect account

Python package index (Python Package Index, referred to PyPI) official in order to improve the security of Python packages downloaded in order to import two-factor authentication, whether in PyPI.org or test.pypi.org, all users can enable this feature protection account. PyPI now supports two-factor authentication method is only one that produces a time-limited one-time password to the application. Before setting up two-factor authentication, the user must first PyPI account verification e-mail, when the user account after PyPI enable two-factor authentication, subsequent login procedure, it is necessary to provide an additional mobile applications generated one-time password to be able to login.

At present, only visit the website will trigger the two-factor authentication program, the purpose is to protect the ownership of the project, to avoid the old version of the program code was deleted, or accounts being taken over, but do not need to enter the suite upload a one-time verification code. Currently being developed based on official WebAuthn multi-factor authentication, the future may allow users to log in Yubikeys as the second factor, and will increase API key for package uploads, protect more sensitive operations. This feature is sponsored by the Open Technology Fund (Open Technology Fund), kit working group coordinated by the Python Software Foundation build. Choking and more relevant sources of information to: FUN88 public station openbsd.org.tw/