How to enable 2FA for npm
Compatible With Authy
The best way to manage all your 2FA accounts is to use the Authy app. It enables you to have a single mobile app for all your 2FA accounts and you can sync them across multiple devices, even accessing them on the desktop. Install Authy on your device by searching for it in your device’s app store.
Important: If any sites prompt you to use Google Authenticator for two-factor authentication, note that you can always substitute the Authy 2FA app instead. Although they work in similar ways, Authy is more feature-rich and allows for multi-device syncing, cloud backups, and easier account recovery should you change or lose your phone or device. Read more information on the features of Authy here.
Preparing For 2FA Setup
npm currently exposes 2FA setup through its command-line tool. You will need at least version 5.5.0 of the npm CLI, which you can install by running:
npm install npm@next -g
Once you’ve updated your local npm CLI, you will have access to the profile command:
npm profile
The next step is to make sure you are logged in to the CLI with your npm account:
npm login
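Before moving on, it is worth confirming that the CLI really meets the 5.5.0 minimum, since a lexical string comparison would wrongly reject versions such as 10.x. The script below is an added example, not part of the original guide or of npm itself; the function names `version_at_least` and `npm_ready_for_2fa` are hypothetical, and it assumes pre-release suffixes (for example `-next.0`) can be ignored.

```shell
#!/bin/sh
# Added example: gate the 2FA steps on the npm CLI version this page requires.
MIN_NPM_VERSION="5.5.0"   # minimum version stated on this page

# version_at_least HAVE WANT
# Returns 0 if HAVE >= WANT, 1 if HAVE < WANT, 2 if either is not numeric.
# Assumption: a leading "v" and any "-pre"/"+build" suffix are ignored.
version_at_least() {
    have=${1#v}; have=${have%%[-+]*}.0.0   # pad so "5" reads as 5.0.0
    want=${2#v}; want=${want%%[-+]*}.0.0
    for i in 1 2 3; do
        h=$(printf '%s' "$have" | cut -d. -f"$i")
        w=$(printf '%s' "$want" | cut -d. -f"$i")
        # Reject empty or non-numeric fields instead of guessing.
        case "$h" in ''|*[!0-9]*) return 2 ;; esac
        case "$w" in ''|*[!0-9]*) return 2 ;; esac
        # Compare numerically, field by field (so 10 > 5, unlike a string compare).
        if [ "$h" -gt "$w" ]; then return 0; fi
        if [ "$h" -lt "$w" ]; then return 1; fi
    done
    return 0   # all three fields equal
}

# npm_ready_for_2fa [VERSION]
# VERSION defaults to whatever the installed CLI reports via `npm --version`.
npm_ready_for_2fa() {
    ver=${1:-$(npm --version 2>/dev/null)}
    if version_at_least "$ver" "$MIN_NPM_VERSION"; then
        echo "npm $ver: OK, continue with 'npm login' and 'npm profile enable-tfa'"
    else
        echo "npm ${ver:-<not found>}: need >= $MIN_NPM_VERSION, run 'npm install npm@next -g'" >&2
        return 1
    fi
}

# Constructed sample versions first, then the locally installed CLI (if any).
for v in 5.4.2 5.5.0 10.2.4; do
    npm_ready_for_2fa "$v" || true
done
npm_ready_for_2fa || true
```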
Enable 2FA
Now that you have logged in to npm via the CLI, you can enable 2FA:
npm profile enable-tfa
Next, you need to capture the QR code. Launch Authy on your phone while you leave this page open. In your device’s Authy app, click ‘Add Account’ at the bottom of the screen.
You’ll be prompted to hold your phone up to your computer to capture the QR code.
Capture the QR code that was displayed in your terminal. Once the QR code is captured, Authy prompts you to name your npm account (we’ll soon add an npm logo, too, so this will be automatic). When ready, click ‘Done’.
Complete 2FA Setup
Your Authy app will now be showing a token.
Your terminal session prompt will be waiting for you to enter that code. Enter it, then press Enter.
Recovery codes will be displayed after the 2FA enablement has been completed. Please keep them in a secure place.
More Info
Head to npm for more info on their two-factor authentication security.