RubyGems, the official package manager for the Ruby programming language, has announced that it will mandate multi-factor authentication (MFA) to boost security on the top 100 RubyGems packages. The announcement was released on Monday. Owners of gems with over 180 million downloads will be required to enroll in MFA. This protects the packages themselves from attack, and protects the users who download them from unknowingly compromising their devices. Owners who do not have MFA enabled will not be able to perform privileged actions until they enable it, RubyGems explained.
Owners of gems that surpass 165 million downloads will receive reminders recommending MFA. However, once a gem reaches 180 million downloads, RubyGems will require MFA to be enabled. RubyGems stated that the new policy will bring the platform in line with requirements in other package ecosystems. NPM implemented mandatory MFA in February, and PyPI was not far behind, initiating the switch in July. RubyGems is looking to make its most popular packages more secure with the new regulations.