mfa for developers

Posted on Aug 18, 2022

With the increase in supply chain attacks in the software development industry, a steadily growing number of players in the industry have been rolling out mandatory MFA requirements for developers.

Earlier this week RubyGems announced their intention to enforce MFA requirements on maintainers of gems with 180 million downloads or more.

PyPI announced support for MFA in mid-2019. This was opt-in for package maintainers back then. However, earlier this year they announced that MFA was being made mandatory for maintainers of projects deemed critical.

Mozilla announced their MFA requirements for extension developers last year. GitHub required MFA for the npm registry in the past and recently announced their intention to extend this requirement to all contributing developer accounts.

Okta has a blog post listing industries that require MFA, mostly due to compliance requirements in each listed industry.

Expect more such developments across the software supply chain ecosystem as time progresses. Now if only there was a way to tackle some of the other problems with regard to software supply chain security.