TIP: Enable Two Factor Authentication (2FA) with your NPM account

Since early October it’s possible to enable Two Factor Authentication with your NPM account.

2FA is another layer of defense for your account, preventing third parties from altering your code even if they steal or guess your credentials. This is one of the easiest and most important ways to ensure that only you can access to your npm account.

To enable it, run npm profile enable-2fa with one of these two options:

  1. auth-only: enable it for any login attempt
  2. auth-and-writes: enable it for any login attempt, publish event, profile change, etc.

Once enabled use an authentication application like Google Authenticator or Authy to generate your One-Time-Password.

Additional security measurements announced along with 2FA is the possibility to have read-only tokens — useful for all your CI/CD needs.

Note that NPM 5.5.1 or higher is required.

Protect your npm account with two-factor authentication and read-only tokens →
NPM: Using Two Factor Authentication →

Did this help you out? Like what you see?
Consider donating.

I don’t run ads on my blog nor do I do this for profit. A donation however would always put a smile on my face though. Thanks!

☕️ Buy me a Coffee ($3)

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.