RubyGems switches to mandatory two-factor authentication for popular packages

To protect against attacks aimed at seizing control of dependencies, the RubyGems repository has announced a transition to mandatory two-factor authentication for the accounts of maintainers of the 100 most popular packages (by number of downloads), as well as of packages whose download count exceeds 165 million.

At the first stage, maintainers of popular packages will be shown a notice about the need to enable two-factor authentication when using the utilities or the RubyGems.org site. On August 15, the recommendation will be replaced by a mandatory requirement to enable two-factor authentication, without which access will not be provided. A month and a week before two-factor authentication becomes mandatory, email notifications will also be sent to the maintainers.

In the fourth quarter of 2022, the two-factor authentication requirement is planned to be extended to other categories of RubyGems users (the criteria have not yet been approved; probably, as in the case of NPM, coverage will be expanded to the 500 most popular packages).
