Define manual account recovery process #5758
With the introduction of two-factor authentication, we have decided that the PyPI admins will support manual account recovery, in addition to optional recovery codes. I have opened this ticket to discuss and define this policy, and address the questions:
There has already been some discussion on this issue in #5586:
I just enabled 2FA and was looking for recovery codes, so I'm particularly interested in this process. I have a mild preference for having actual codes vs the manual process, just because N days is a long time to wait. That's particularly important if for some reason you need to hurry up and make a release (e.g. CVE in your library). I mean, hopefully you have several people if your project is that important, but....
Hi @waynew, thanks for your feedback. To be clear, our intention is to also offer manual recovery codes. However, users can choose not to enable these.
Manual account recovery is therefore limited to circumstances when:
a) a user has lost their recovery codes, or