Users should be notified by email about critical account security changes, such as:

• password change
• username change
• disabling two factor auth
• (dis)connecting with GitHub
• email change (send to old email)

The package repository notifies maintainers via email for critical account security changes, such as password changes or disabling multi-factor authentication. This helps users detect if their account has been compromised.