在你的组织中需要双重身份验证

组织所有者可以要求组织成员为其个人账户启用双重身份验证,从而使恶意行为者更难访问组织的包和设置

Organization owners can require organization members to enable two-factor authentication for their personal accounts, making it harder for malicious actors to access an organization's packages and settings

关于组织的双重身份验证

About two-factor authentication for organizations

双重身份验证 (2FA) 是登录网站或应用时使用的额外安全层。你可以要求组织中的所有成员在 npm 上启用双重身份验证。有关双重身份验证的更多信息,请参阅 "配置双重身份验证。"

Two-factor authentication (2FA) is an extra layer of security used when logging into websites or apps. You can require all members in your organization to enable two-factor authentication on npm. For more information about two-factor authentication, see "Configuring two-factor authentication.".

注意:

Note:

  • 当你需要为你的组织使用双重身份验证时,不使用 2FA 的成员将从组织中删除并失去对其包的访问权限。如果他们启用了双重身份验证,你可以将他们添加回组织。

    When you require use of two-factor authentication for your organization, members who do not use 2FA will be removed from the organization and lose access to its packages. You can add them back to the organization if they enable two-factor authentication.

  • 如果组织所有者未在其账户上启用 2FA,则他们不能选择要求组织进行 2FA。

    An organization owner cannot opt-in to requiring 2FA for an organization if they do not have 2FA enabled on their account.

  • 如果你是需要 2FA 的组织的成员,你将无法禁用 2FA,直到你离开该组织。

    If you are the member of an organization that requires 2FA you will not be able to disable 2FA until you leave that organization.

先决条件

Prerequisites

在你可以要求组织成员使用双重身份验证之前,你必须在 npm 上为你的账户启用双重身份验证。有关详细信息,请参阅 "配置双重身份验证。"

Before you can require organization members to use two-factor authentication, you must enable two-factor authentication for your account on npm. For more information, see "Configuring two-factor authentication.".

在你需要使用双重身份验证之前,我们建议通知组织成员并要求他们为其账户设置 2FA。你可以在组织成员页面查看成员是否已经使用 2Fa。

Before you require use of two-factor authentication, we recommend notifying organization members and asking them to set up 2FA for their accounts. You can see if members already use 2Fa in the organizations members page.

在你的组织中需要双重身份验证

Requiring two-factor authentication in your organization

  1. 在 npm“登录”页面上,输入您的帐户详细信息并单击登录 Screenshot of npm login dialog
  2. 在页面的右上角,点击您的个人资料照片,然后点击帐户 Screenshot of account settings selection in user menu
  3. 在左侧边栏中,单击您的组织名称。 Screenshot of a selected organization
  4. 在组织设置页面上,点击成员 Screenshot of the organization members tab
  5. 单击启用 2FA 强制执行按钮。

    Click the Enable 2FA Enforcement button.

    Screenshot of the enforce 2fa button
  6. 如果出现提示,请阅读有关将从组织中删除的成员的信息。键入你的组织名称以确认更改,然后单击删除成员并要求双重身份验证。

    If prompted, read the information about members who will be removed from the organization. Type your organization's name to confirm the change, then click Remove members & require two-factor authentication.

    Screenshot of the removal confirmation prompt
  7. 如果有任何成员从组织中删除,我们建议向他们发送邀请,以恢复他们以前的权限和对你组织的访问权限。他们必须先启用双重身份验证,然后才能接受你的邀请。

    If any members are removed from the organization, we recommend sending them an invitation that can reinstate their former privileges and access to your organization. They must enable two-factor authentication before they can accept your invitation.

帮助被移除的成员和外部合作者重新加入你的组织

Helping removed members and outside collaborators rejoin your organization

如果你在启用所需的双重身份验证时从组织中删除了任何成员,他们将收到一封电子邮件,通知他们已被删除。然后,他们应为其个人账户启用 2FA,并联系组织所有者以请求访问你的组织。

If any members are removed from the organization when you enable required use of two-factor authentication, they'll receive an email notifying them that they've been removed. They should then enable 2FA for their personal account, and contact an organization owner to request access to your organization.

npm 中文网 - 粤ICP备13048890号