关于双重身份验证

双重身份验证 (2FA) 通过使用以下方式确认你的身份，防止未经授权访问你的账户：

¥Two-factor authentication (2FA) protects against unauthorized access to your account by confirming your identity using:

• 你知道的东西（例如，密码）。

  ¥Something you know (e.g., a password).

• 你拥有的东西（例如，身份证或加密密钥）。

  ¥Something you have (e.g., an ID badge or a cryptographic key).

• 你的身份（例如指纹或其他生物特性数据）。

  ¥Something you are (e.g., a fingerprint or other biometric data).

当你启用 2FA 时，系统会提示你进行第二种形式的身份验证，然后再对你的账户或你具有写入权限的包执行某些操作。根据你的 2FA 配置，系统将提示你使用 security-key 或 基于时间的一次性密码 (TOTP) 进行身份验证。

¥When you enable 2FA, you will be prompted for a second form of authentication before performing certain actions on your account or packages to which you have write access. Depending on your 2FA configuration you will be either prompted to authenticate with a security-key or a time-based one-time password (TOTP).

• 安全密钥流程允许你使用 Apple 触控 ID、人脸识别 或 Windows Hello 等生物识别设备以及 Yubikey、Thetis 或 Feitian 等物理密钥作为你的 2FA。

  ¥The security-key flow allows you to use biometric devices such as Apple Touch ID, Face ID or Windows Hello as well as physical keys such as Yubikey, Thetis or Feitian as your 2FA.

• 要配置 TOTP，你需要在移动设备上安装可以生成 OTP（例如 Authy、谷歌身份验证器 或 微软身份验证器）的身份验证器应用。

  ¥To configure TOTP you will need to install an authenticator application that can generate OTPs such as Authy, Google Authenticator, or Microsoft Authenticator on your mobile device.

npm 上的双重身份验证

¥Two-factor authentication on npm

可以为授权和写入启用 npm 上的双重身份验证，或者仅启用授权。

¥Two-factor authentication on npm can be enabled for authorization and writes, or authorization only.

授权和写入

¥Authorization and writes

默认情况下，为授权和写入启用 2FA。我们将为某些授权操作以及写入操作请求第二种形式的身份验证。

¥By default, 2FA is enabled for authorization and writes. We will request a second form of authentication for certain authorized actions, as well as write actions.

仅授权

¥Authorization only

如果你启用 2FA 仅用于授权。我们将仅针对某些授权操作请求第二种形式的身份验证。

¥If you enable 2FA for authorization only. We will request a second form of authentication only for certain authorized actions.