Increased security compared to SMS 2FA: the secret key input for TOTP is only shared once and the method does not rely on the telephony network, which helps reduce the attack surface. TOTP has stronger proof of possession than SMS, which can be legitimately accessed via multiple devices and may be susceptible to SIM swap attacks. Most customers end up implementing multiple forms of 2FA, so their users can choose the channel that works best for them. Other channels Twilio Verify supports include push, voice, and email. This blog post takes a more detailed look at the security concerns of SMS 2FA.

Note: npm does not accept SMS (text-to-phone) as a 2FA method.

Configuring 2FA from the website

Enabling 2FA

On the npm "Sign In" page, enter your account details and click Sign In.

In the upper right corner of the page, click your profile picture, then click Account.

On the account settings page, under "Two-Factor Authentication", click Enable 2FA.

When prompted, provide your current account password and then click Confirm password to continue.

On the 2FA method page, select the method you would like to enable and click Continue. For more information on supported 2FA methods, see "About two-factor authentication".

When using a security-key, provide a name for it and click Add security key. Follow the browser-specific steps to add your security-key. Below is an example of configuration from Microsoft Edge running on macOS.

When using an authenticator application on your phone, open it and scan the QR code on the two-step verification page. Enter the code generated by the app, then click Verify.

On the recovery code page, copy the recovery codes to your computer or other safe location that is not your second factor device. Recovery codes are the only way to ensure you can recover your account if you lose access to your second factor device. You can view and regenerate your recovery code from your 2FA settings page. For secondary account recovery options, see "Configuring account recovery options."

Click Go back to settings after confirming that you have saved your codes.

Check the Authorization and writes section for more information on the different operations that require 2FA when this mode is enabled.

Note: Settings you configure on the command line will also apply to your profile settings on the npm website.

If you are logged out on the command line, log in using the npm login command.

On the command line, type the npm profile command along with the option for the 2FA mode you want to enable:

To enable 2FA for authorization and writes, type: npm profile enable-2fa auth-and-writes

To enable 2FA for authorization only, type: npm profile enable-2fa auth-only

To add npm to your authenticator application, using the device with the app, you can either:

Scan the QR code displayed on the command line.

Type the number displayed below the QR code.

When prompted to add an OTP code from your authenticator, on the command line, enter a one-time password generated by your authenticator app.

Sending a one-time password from the command line

If you have enabled 2FA auth-and-writes, you will need to send the TOTP from the command line for certain commands to work. To do this, append --otp=123456 (where 123456 is the code generated by your authenticator) at the end of the command. Here are a few examples:

Enter one-time password from your authenticator: 123456

When you enable 2FA on your npm user account, we strongly recommend you link your GitHub and/or Twitter accounts to your npm user account. In the event you lose access to your 2FA device and recovery codes, these linked accounts can be used to verify your identity and expedite the recovery of your npm account.
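How an authenticator app and a server derive the same six-digit code from the secret that is shared once in the QR code, following RFC 6238 and checked against the RFC's published test secret. This is an added example, not npm's or Twilio's code; the function names, the one-step clock-drift window and the replay check are assumptions for illustration and go slightly beyond what the text above describes.

```python
import base64
import hashlib
import hmac
import struct

# Test secret from RFC 6238 Appendix B (ASCII "12345678901234567890"),
# base32-encoded the way authenticator apps receive it in the QR code.
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, unix_time, step=30, digits=6):
    """Compute the TOTP code (HMAC-SHA1) for a given Unix time."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    # The moving factor is the number of `step`-second intervals since epoch.
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte is the offset.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, window=1,
           last_used_counter=None, step=30):
    """Server-side check (hypothetical helper).

    Accepts codes from `window` steps either side of the current one to
    tolerate clock drift, and refuses any step at or before the last one
    already accepted, so a captured code cannot be replayed.
    Returns the matched step counter, or None if the code is rejected.
    """
    current = int(unix_time) // step
    for counter in range(current - window, current + window + 1):
        if last_used_counter is not None and counter <= last_used_counter:
            continue
        expected = totp(secret_b32, counter * step, step)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected, submitted):
            return counter
    return None


if __name__ == "__main__":
    code = totp(RFC_SECRET, 59)  # constructed sample time: 59 s after epoch
    print("code at t=59:", code)
    print("accepted 16 s later, step:", verify(RFC_SECRET, code, 75))
    print("replayed:", verify(RFC_SECRET, code, 75, last_used_counter=1))
```

The server should persist the returned counter per account and pass it back as `last_used_counter` on the next attempt.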