Great job --- thanks to everyone who made this happen! 🎉 On Thu, May 2, 2019 at 10:48 AM Sumana Harihareswara <s...@changeset.nyc> wrote:
> PyPI users: To increase the security of PyPI downloads, we're beginning to > introduce two-factor authentication (2FA) as a login security option, and > want project maintainers and owners to start testing it. > > Starting this Friday, May 3rd, you'll be able to use 2FA on [Test PyPI]( > http://test.pypi.org/). And if you'd like to try 2FA on [official PyPI]( > https://pypi.org), please fill out [this Google form]( > https://docs.google.com/forms/d/e/1FAIpQLSfRmXhkfAL-LgLfcMdzTG7iIaSwPo-pyzkgv5DzvAU7Q-6XWQ/viewform) > so we can invite you to the private beta, which we plan to hold 3-20 May. > > PyPI currently supports a single 2FA method: generating a code through a > Time-based One-time Password (TOTP) application. After you set up 2FA on > your PyPI account, then you must provide a TOTP (along with your username > and password) to log in. Therefore, to use 2FA on PyPI, you'll need to > provision an application (usually a mobile phone app) in order to generate > authentication codes; our [our testing wiki page]( > https://wiki.python.org/psf/WarehousePackageMaintainerTesting) gives you > suggestions and pointers. > > This change only applies to the login step, not package uploads. > > More details at [our testing wiki page]( > https://wiki.python.org/psf/WarehousePackageMaintainerTesting). > > During this testing period, if things go awry, there's a chance we will > need to wipe tokens from users' accounts, so if you choose to try it, > please be forewarned. We strongly suggest you make sure you have a > PyPI-verified email address on your user account before trying the feature, > to make potential account recovery smoother. > > And please [let us know](https://github.com/pypa/warehouse/issues/new) if > you run into glitches. > > We expect to end this testing period on May 20th, then enable the optional > 2FA feature for all PyPI users, and move on to working on WebAuthn support. > > Thanks to the Open Technology Fund for funding this work. More progress > reports at [the Packaging Working Group's wiki page]( > https://wiki.python.org/psf/PackagingWG). > > -Sumana on behalf of the PyPI team > > (cross-posted to > https://discuss.python.org/t/pypi-two-factor-auth-2fa-trial-may-3-20/1590 > ) > -- > Sumana Harihareswara > Changeset Consulting > https://changeset.nyc > -- > Distutils-SIG mailing list -- distutils-sig@python.org > To unsubscribe send an email to distutils-sig-le...@python.org > https://mail.python.org/mailman3/lists/distutils-sig.python.org/ > Message archived at > https://mail.python.org/archives/list/distutils-sig@python.org/message/JMOBWXWYC2EFYB5JBFMXWBEGD4EAD3CC/ >
-- Distutils-SIG mailing list -- distutils-sig@python.org To unsubscribe send an email to distutils-sig-le...@python.org https://mail.python.org/mailman3/lists/distutils-sig.python.org/ Message archived at https://mail.python.org/archives/list/distutils-sig@python.org/message/AORUH2MJMUDBGEIKTZHQSBGDHNHSMQ5V/