As part of our ongoing commitment to npm ecosystem security we are expanding the options for 2FA by implementing WebAuthn support on npmjs.com.
Intended Outcome
npm account holders will be able to use WebAuthn to add security keys and biometric devices as 2FA sources for authentication to the regisry, publishing of packages, and any other operations that require an addiional factor of authentication.
How will it work?
We will do a complete overhaul of 2FA management on npmjs.com adding support for a variety of 2FA authentication options in npmjs.com account settings. When authenticating through npmjs.com customers will be able to use registered security keys and biometric devices in addition to Authentication Applications, as part of the authentication flow. If an account has enabled 2FA for publishing pacakges they will be propted to visit a unique URL to go through the WebAuthN flow if they do not want to use an Authentication Device (TOTP).
Customers will still be able to use authentication tokens to publish without 2FA if they desire for setting up automated workflows.
The text was updated successfully, but these errors were encountered:
Summary
As part of our ongoing commitment to npm ecosystem security we are expanding the options for 2FA by implementing WebAuthn support on npmjs.com.
Intended Outcome
npm account holders will be able to use WebAuthn to add security keys and biometric devices as 2FA sources for authentication to the regisry, publishing of packages, and any other operations that require an addiional factor of authentication.
How will it work?
We will do a complete overhaul of 2FA management on npmjs.com adding support for a variety of 2FA authentication options in npmjs.com account settings. When authenticating through npmjs.com customers will be able to use registered security keys and biometric devices in addition to Authentication Applications, as part of the authentication flow. If an account has enabled 2FA for publishing pacakges they will be propted to visit a unique URL to go through the WebAuthN flow if they do not want to use an Authentication Device (TOTP).
Customers will still be able to use authentication tokens to publish without 2FA if they desire for setting up automated workflows.
The text was updated successfully, but these errors were encountered: