Risky Bulletin Newsletter
May 29, 2023
Risky Biz News: PyPI to enforce 2FA, reduce stored IP addresses
Presented by

News Editor
The Python Software Foundation has taken several actions to improve the security and privacy of the official Python Package Index (PyPI) following a series of incidents over the past few weeks.
Plans are currently underway to enable two-factor authentication (2FA) for PyPI accounts and to reduce the instances where the PyPI portal needs to store a user's IP address.
All accounts that maintain a Python library on the PyPI portal must set a 2FA method by the end of the year or have their access to some PyPI features limited.