Latest News

PyPI is Giving away 4000 Google Titan Security Keys to Counter Attacks

Arti

The "critical" designation is assigned to any PyPI project accounting for the top 1% of downloads over the past six months.

As part of the push to mandate two-factor authentication for critical projects, the Python Package Index will distribute 4,000 Google Titan security keys to developers. The Python Package Index, abbreviated as PyPI and also known as the Cheese Shop (a reference to Monty Python's Flying Circus sketch "Cheese Shop") is the official third-party software repository for Python. It is analogous to the CPAN repository for Perl and to the CRAN repository for R. PyPI is run by the Python Software Foundation, a charity. Some package managers, including pip, use PyPI as the default source for packages and their dependencies. As of 17 January 2022, more than 350,000 Python packages can be accessed through PyPI.

PyPI primarily hosts Python packages in the form of archives called sdists (source distributions) or precompiled "wheels." PyPI as an index allows users to search for packages by keywords or by filters against their metadata, such as free software license or compatibility with POSIX. A single entry on PyPI is able to store, aside from just a package and its metadata, previous releases of the package, precompiled wheels (e.g. containing DLLs on Windows), as well as different forms for different operating systems and Python versions.

The "critical" designation is assigned to any PyPI project accounting for the top 1% of downloads over the past six months. According to the dashboard published by PyPI, over 3,800 PyPI projects and 8,200 user accounts have been identified as critical. There are currently 28,336 users who have voluntarily enabled two-factor authentication.

"Ensuring that the most widely used projects have these protections against account takeover is one step towards our wider efforts to improve the general security of the Python ecosystem for all PyPI users," PyPI's administrators announced.

The decision to mandate two-factor authentication is an attempt to improve the supply chain security of the Python ecosystem and echoes a similar decision by GitHub to mandate two-factor authentication earlier this year. Recognizing that attackers are increasingly targeting libraries on npm, PyPI's JavaScript equivalent, GitHub auto-enrolled maintainers of the top 100 npm packages with two-factor authentication back in February.

Benefits of Titan Security Key

Strongest account protection

Security keys use public-key cryptography to verify a user's identity and URL of the login page ensuring attackers can't access your account even if you are tricked into providing your username and password.

Trusted hardware

Titan Security Keys are built with a hardware chip that includes firmware engineered by Google to verify the key's integrity. This helps to ensure that the keys haven't been physically tampered with.

Widely supported

Titan Security Keys works with popular devices, browsers, and a growing ecosystem of services that support FIDO standards. One security key can be used to sign in to work and personal services.

Features of Titan Security Key
Phishing-resistant 2FA

Titan Security Keys provide cryptographic proof that users are interacting with the legitimate service that they originally registered their security key and that they are in possession of their security key.

Tamper-resistant hardware

A hardware chip that includes firmware developed by Google helps to verify that the keys haven't been tampered with. The hardware chips are designed to resist physical attacks aimed at extracting firmware and secret key material.

Multiple form factors to ensure device compatibility

Titan Security Keys are available in two form factors: USB-A/NFC and USB-C/NFC.

Getting started

It's easy to get started with Titan Security Keys. Kits of two keys (one USB and one Bluetooth) are now available to U.S. customers on the Google Store (and coming soon to additional regions).  Titan Security Keys are also available to enterprise customers through a Google Cloud representative or our partner, Insight.

Titan Security Keys can be used anywhere FIDO security keys are supported. To set them up with your Google Account, sign in and navigate to the 2-Step Verification page (see detailed instructions here). Google Cloud admins can enable security key enforcement in G Suite and GCP (through Cloud Identity) to ensure that users use security keys for their accounts.

More Trending Stories 

Join our WhatsApp Channel to get the latest news, exclusives and videos on WhatsApp

                                                                                                       _____________                                             

Disclaimer: Analytics Insight does not provide financial advice or guidance. Also note that the cryptocurrencies mentioned/listed on the website could potentially be scams, i.e. designed to induce you to invest financial resources that may be lost forever and not be recoverable once investments are made. You are responsible for conducting your own research (DYOR) before making any investments. Read more here.

4 Coins That Are Ready to Beat Shiba Inu’s (SHIB) ROI This Bull Run

These 2 Affordable Altcoins are Beating Solana Gains This Cycle: Which Will Rally 500% First—DOGE or INTL?

Avalanche (AVAX) Nears Breakout Above $40; Shiba Inu (SHIB) Consolidates – Experts Say This New AI Crypto Could 75X

Web3 News Wire Launches Black Friday Sale: Up to 70% OFF on Crypto PR Packages

4 Cheap Tokens That Will Top Dogecoin’s (DOGE) 2021 Success in the Next Bull Run