Safeguard
Tag

2fa

Safeguard articles tagged "2fa" — guides, analysis, and best practices for software supply chain and application security.

7 articles

AI Security

The Security Chores Agents Should Handle Themselves

Enabling 2FA, rotating a password, revoking a stale session, minting a scoped key — the account-hygiene tasks everyone postpones. When an agent can do them through MCP, 'later' becomes 'now.'

Jul 9, 20264 min read
Supply Chain Attacks

Anatomy of a PyPI Compromise: How durabletask Got Hijacked in 35 Minutes

Three malicious durabletask releases hit PyPI in a 35-minute window in May 2026 — a maintainer-token theft, not a code review failure.

Jul 8, 20266 min read
Open Source Security

PyPI 2FA Lessons Two Years In

PyPI mandated 2FA for all maintainers in 2024. Two years in, account takeovers dropped — but attackers shifted to OIDC tokens, abandoned packages, and maintainer devices.

Mar 6, 20267 min read
Open Source Security

npm Mandatory 2FA for Publishing: How the November 2025 Rollout Hardened the Registry

After the Shai-Hulud worm compromised more than 500 npm packages in September 2025, GitHub published a revised timeline forcing FIDO 2FA, 90-day token caps, and disabled token publishing by default. Here is the defender view.

Jan 22, 20266 min read
Open Source Security

RubyGems 2FA Enforcement Analysis

A look at how RubyGems.org rolled out mandatory 2FA for high-traffic gem maintainers, what it has caught, and what gaps still remain in the account-compromise defense story.

Apr 18, 20247 min read
Open Source Security

PyPI 2FA Enrollment: Enterprise Rollout

PyPI's 2FA mandate isn't just a personal-account concern anymore — enterprises publishing Python libraries have real rollout work to do. A playbook from the front lines.

Oct 28, 20236 min read
Open Source Security

PyPI Mandatory 2FA for Critical Packages: A Turning Point for Python Security

PyPI's decision to require two-factor authentication for critical package maintainers marks a significant step toward securing the Python supply chain.

Feb 10, 20236 min read
2fa — Safeguard Blog