admin icon indicating copy to clipboard operation
admin copied to clipboard
verified publisher icon nodejs

Only allow secure two-factor methods

Open avivkeller opened this issue 3 months ago • 1 comments

Ref: https://openjs-foundation.slack.com/archives/CTPN0DFF0/p1757409567216549

Per OpenCollective,

In addition, we recommend that projects secure their accounts with biometric-protected passkeys. Specifically accounts with access to commit (i.e., GitHub) or distribution (i.e., package managers) wherever possible, and to never rely solely on SMS as a second authentication factor.

cc @nodejs/security-wg

avivkeller avatar Sep 09 '25 21:09 avivkeller

Related https://github.com/nodejs/TSC/issues/1776

flakey5 avatar Sep 09 '25 21:09 flakey5