Today we launched the option for two-factor authentication on hex.pm. Starting today, you can activate 2FA via the hex.pm dashboard. Many thanks to community contributors Bryan Paxton and Jeffrey Liao for their work on this project.
Activating 2FA on your account will make it more secure. If a bad actor were to gain access to your account, they could publish malicious packages under your name. Adding a second authentication greatly reduces this risk.
At this point we do not anticipate making 2FA a requirement for accounts. However, you are responsible for your own account and we hope you take steps to mitigate any potential breach of it.
Two-factor auth has been tested with most popular applications. This includes Authy, Google Authenticator, Microsoft Authenticator, and 1Password. If you have a preferred app that you find does not work, please report it to us by emailing firstname.lastname@example.org.
The next project is to also offer 2FA in the Hex CLI. I expect that work to begin in earnest this summer.