Enhanced 2FA experience for your npm account
Late last year, in response to an unprecedented series of account takeovers resulting from the compromise of developer accounts without 2FA enabled, we committed to a variety of enhancements to…
Late last year, in response to an unprecedented series of account takeovers resulting from the compromise of developer accounts without 2FA enabled, we committed to a variety of enhancements to the npm registry to make two-factor authentication (2FA) adoption easier for developers. Today, we are launching a public beta for a significantly improved 2FA experience to all npm accounts, including:
-
- Support for registering multiple second factors, such as security keys, biometric devices, and authentication applications
- A new 2FA configuration menu to manage keys and recovery codes
- Full CLI support for login and publish capabilities with physical security keys and biometric devices
- Ability to view and regenerate recovery codes
On February 1, we enrolled all maintainers of the top-100 npm packages into mandatory 2FA. On May 31, we will enroll the next cohort in mandatory 2FA—maintainers of the top-500 packages. The final cohort will be high-impact maintainers of packages with more than one million weekly downloads or 500 dependents later this year.
Prior to enrolling all high-impact maintainers in 2FA, we will:
- Streamline the process of logging in and publishing with WebAuthn
- Improve the account recovery process, including more secure forms of identity verification
To learn more about configuring 2FA, see Configuring two-factor authentication.
To learn more about 2FA in general, see About two-factor authentication.
For questions and comments, open a discussion in our feedback repository.
Tags:
Written by
Related posts
Explore the best of GitHub Universe: 9 spaces built to spark creativity, connection, and joy
See what’s happening at Universe 2025, from experimental dev tools and career coaching to community-powered spaces. Save $400 on your pass with Early Bird pricing.
Agents panel: Launch Copilot coding agent tasks anywhere on GitHub
Delegate coding tasks to Copilot and track progress wherever you are on GitHub. Copilot works in the background, creates a pull request, and tags you for review when finished.
Q1 2025 Innovation Graph update: Bar chart races, data visualization on the rise, and key research
Discover the latest trends and insights on public software development activity on GitHub with the quarterly release of data for the Innovation Graph, updated through March 2025.