Email users on account security changes to alert them to potential compromise
naderman opened this issue · comments
Nils Adermann commented
Users should be notified by email about critical account security changes, such as:
- password change
- username change
- disabling two factor auth
- (dis)connecting with GitHub
- email change (send to old email)
The package repository notifies maintainers via email for critical account security changes, such as password changes or disabling multi-factor authentication. This helps users detect if their account has been compromised.