“There has never been a major security incident caused by leaked npm credentials, but our security work is never finished.”

This wasn’t the headline that npm led with when they announced their support for two-factor authentication recently, but it was a line that stuck out to me. It is fantastic to see that these critical parts of the infrastructure of web development are taking security seriously.

But that’s only half the battle; it’s up to all of us to secure our accounts with 2FA now too. Once you are set up with 2FA you will need both a password and a device to generate a one-time code in order to authenticate with npm. This makes it much harder for anyone to take over your account and, more importantly, your npm packages.

Without further ado, here’s how to secure your npm account with 2FA and Authy.

Get up to date

To take advantage of this extra security, you’ll need the latest npm installed, version 5.5.0. Head to the command line and run: