Go to content

RubyConf Mini 2022: RubyGems.org MFA: The Past, Present and Future by Jenny Shen

What do Ruby’s rest-client, Python’s ctx, and npm’s ua-parser-js have in common? They all suffered account takeovers that were preventable. Attackers aim to take control of a legitimate RubyGems.org user account and then use it to upload malicious code. It might dial home. It might steal your keys. Perhaps it will encrypt your disk. Or all of the above! Don’t you wish it couldn’t happen? MFA prevents 99.9% of account takeover attacks. Come learn about MFA, the history of RubyGems.org MFA support, the new MFA policy for top gems, and what’s on the horizon.

November 29, 2022