PyPI, the official third-party software repository for Python, is requiring every account that maintains a project on the repository to turn on two-factor authentication (2FA) by the end of the year. This covers organization maintainers as well, but not every user of the service. The goal is to protect against account takeover attacks, which an attacker can use to push malware into packages that downstream users install. PyPI has already seen many instances of malware and package impersonation; recently, Fortinet FortiGuard Labs discovered over 30 Python libraries that connected to remote URLs and stole data. The new requirement comes nearly a year after PyPI made 2FA mandatory for maintainers of critical projects. At present, PyPI hosts 457,125 projects and 704,458 users, of which 9,580 users and 4,541 projects are identified as critical, and 38,248 users have 2FA enabled.
Source: Hackernews
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net, or you can try it yourself using check.website.