PyPI Will Require 2FA By The End Of 2023 Also From Dead People

Hi, my name is Tom Smykowski, I'm a staff full-stack engineer. I build and scale SaaS platforms to millions of users, working end-to-end from system architecture to frontend to mobile. On this blog I share what I learn about software security, developer practices, and the evolving landscape of digital threats.

What This Article Covers

Explore the upcoming changes in PyPI's security protocol with mandatory two-factor authentication (2FA) and the broader implications for software developers. This article delves into the increasing threat of account hijacking and how it impacts both active and inactive developers, including those who have moved on or passed away.

Questions This Article Answers

  • Why is PyPI enforcing 2FA for all software publishers by the end of 2023?
  • How are hackers exploiting the credentials of developers, and what are the consequences?
  • What challenges arise when developers become inactive due to career changes or other reasons?
  • How should online services handle software succession when a developer is no longer around?
  • What measures can developers take today to protect their accounts from being compromised?

Length and Time

An insightful exploration of security challenges and developer responsibilities. Approximately 7 minutes to read.
