<div dir="ltr">I got a notification from another organization I am a member of on GitHub[0] that they are going to require Two Factor Authentication[1] in response to recent news about some malicious code being shipped in a compromised npm package[2]. <div><br></div><div>We are vulnerable to having malicious code deployed to PyPI if one of our GitHub accounts is compromised. Thus, I wonder if we should also require that people with a commit bit have Two Factor Authentication enabled.<div><br></div><div>Thoughts?<br><div><br></div><div>[0] <a href="https://community.theforeman.org/t/require-2fa-for-github-organization-members/10404">https://community.theforeman.org/t/require-2fa-for-github-organization-members/10404</a><br clear="all"><div><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div>[1] <a href="https://help.github.com/articles/requiring-two-factor-authentication-in-your-organization/">https://help.github.com/articles/requiring-two-factor-authentication-in-your-organization/</a></div><div>[2] <a href="https://www.theregister.co.uk/2018/07/12/npm_eslint/">https://www.theregister.co.uk/2018/07/12/npm_eslint/</a></div><div><br></div><div>David<br></div></div></div></div></div></div></div></div></div></div></div></div>