Like you’ve never made a mistake before. Blatantly blaming the maintainer is unfair. They made a mistake, it happens.

No, I have never, ever responded to an explicit ask to reset the most important security feature of my accounts, without me initiating it, and I use a password manager (lol) so, no, I will never, ever encounter this problem. Because I care about my data, safety, and integrity, and my users'. There's literally no reason ever why I would or will do a 2FA reset.

It does happen, yes, it's not terrifying.

▲

kelvinjps10 4 days ago | parent | next [-]

The wording was similar to how GitHub started requiring 2FA. It wasn't "there is the 2FA change that initiate" it was more of starting September 10 we will starting to request 2fa

	▲	nixosbestos 4 days ago \| parent [-]
		Edit: I get it, it was a pw+top phishing/proxy attack. Wouldn't have happened if they used passkeys or a password manager. Things that get dunked on here regularly. Hm.

▲

wewtyflakes 4 days ago | parent | prev [-]

Nobody cares if you, specifically, are this diligent. The terror is because unless _absolutely everyone_ who maintains NPM packages is this diligent, then we are all vulnerable. That sounds terrifying to me!